DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2022-21451", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2022-21451", "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "published": "2022-04-19T21:15:00", "modified": "2022-09-21T19:57:00", "epss": [{"cve": "CVE-2022-21451", "epss": 0.00053, "percentile": 0.19164, "modified": "2023-06-14"}], "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1}, "severity": "LOW", "exploitabilityScore": 3.9, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 0.7, "impactScore": 3.6}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21451", "reporter": "secalert_us@oracle.com", "references": ["https://www.oracle.com/security-alerts/cpuapr2022.html", "https://security.netapp.com/advisory/ntap-20220429-0005/"], "cvelist": ["CVE-2022-21451"], "immutableFields": [], "lastseen": "2023-06-14T14:16:34", "viewCount": 73, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:6590", "ALSA-2022:7119"]}, {"type": "altlinux", "idList": ["462FD49112FE85163EF025EFB6E6CCFC"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:68E476AF9D5B8FC907942BBA54BB31EB"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-21451"]}, {"type": "f5", "idList": ["F5:K63314101"]}, {"type": "freebsd", "idList": ["ADD683BE-BD76-11EC-A06F-D4C9EF517024"]}, {"type": "ibm", "idList": ["064FD556C4762AE8E89F37889FD34F9616BE42AFD5AC481AFEE2D3E4FE61094B"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2022-6590.NASL", "ALMA_LINUX_ALSA-2022-7119.NASL", "CENTOS8_RHSA-2022-1557.NASL", "CENTOS8_RHSA-2022-7119.NASL", "MARIADB_10_2_38.NASL", "MARIADB_10_3_29.NASL", "MARIADB_10_4_19.NASL", "MARIADB_10_5_10.NASL", "MARINER_MYSQL_CVE-2022-21451.NASL", "MYSQL_5_7_38.NASL", "MYSQL_8_0_29.NASL", "ORACLELINUX_ELSA-2022-6590.NASL", "ORACLELINUX_ELSA-2022-7119.NASL", "REDHAT-RHSA-2022-1007.NASL", "REDHAT-RHSA-2022-1010.NASL", "REDHAT-RHSA-2022-1556.NASL", "REDHAT-RHSA-2022-1557.NASL", "REDHAT-RHSA-2022-6518.NASL", "REDHAT-RHSA-2022-6590.NASL", "REDHAT-RHSA-2022-7119.NASL", "UBUNTU_USN-5400-1.NASL", "UBUNTU_USN-5400-2.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-6590", "ELSA-2022-7119"]}, {"type": "photon", "idList": ["PHSA-2022-0187", "PHSA-2022-0415", "PHSA-2022-0471", "PHSA-2022-3.0-0415", "PHSA-2022-4.0-0187"]}, {"type": "redhat", "idList": ["RHSA-2022:1007", "RHSA-2022:1010", "RHSA-2022:1556", "RHSA-2022:1557", "RHSA-2022:6518", "RHSA-2022:6590", "RHSA-2022:7119"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-21451"]}, {"type": "rocky", "idList": ["RLSA-2022:1556", "RLSA-2022:1557", "RLSA-2022:6590", "RLSA-2022:7119"]}, {"type": "ubuntu", "idList": ["USN-5400-1", "USN-5400-2"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-21451"]}, {"type": "veracode", "idList": ["VERACODE:37940"]}]}, "twitter": {"counter": 4, "tweets": [{"link": "https://twitter.com/www_sesin_at/status/1572772108370952194", "text": "New post from https://t.co/9KYxtdZjkl (CVE-2022-21451 (active_iq_unified_manager, mariadb, mysql, oncommand_insight, oncommand_workflow_automation, snapcenter)) has been published on https://t.co/Eu9SL0eUth", "author": "www_sesin_at", "author_photo": "https://pbs.twimg.com/profile_images/958100963822329858/fb_N8h5n_400x400.jpg"}, {"link": "https://twitter.com/WolfgangSesin/status/1572772102586990593", "text": "New post from https://t.co/uXvPWJy6tj (CVE-2022-21451 (active_iq_unified_manager, mariadb, mysql, oncommand_insight, oncommand_workflow_automation, snapcenter)) has been published on https://t.co/LnYLie3deB", "author": "WolfgangSesin", "author_photo": "https://pbs.twimg.com/profile_images/957011635369054208/Om3jbj7z_400x400.jpg"}]}, "epss": [{"cve": "CVE-2022-21451", "epss": 0.00053, "percentile": 0.19193, "modified": "2023-05-01"}], "vulnersScore": 2.1}, "_state": {"score": 1686767231, "dependencies": 1686763837, "twitter": 0, "affected_software_major_version": 0, "epss": 0}, "_internal": {"score_hash": "2becd5dff656457fdd2d374225bd832b"}, "cna_cvss": {"cna": "Oracle", "cvss": {"3": {"vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "score": 4.4}}}, "cpe": ["cpe:/a:netapp:active_iq_unified_manager:-", "cpe:/a:oracle:mysql:8.0.28", "cpe:/a:oracle:mysql:5.7.37", "cpe:/a:netapp:snapcenter:-", "cpe:/a:netapp:oncommand_workflow_automation:-", "cpe:/a:netapp:oncommand_insight:-"], "cpe23": ["cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:8.0.28:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:mysql:5.7.37:*:*:*:*:*:*:*", "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*"], "cwe": ["NVD-CWE-noinfo"], "affectedSoftware": [{"cpeName": "oracle:mysql", "version": "5.7.37", "operator": "le", "name": "oracle mysql"}, {"cpeName": "oracle:mysql", "version": "8.0.28", "operator": "le", "name": "oracle mysql"}, {"cpeName": "netapp:snapcenter", "version": "-", "operator": "eq", "name": "netapp snapcenter"}, {"cpeName": "netapp:oncommand_workflow_automation", "version": "-", "operator": "eq", "name": "netapp oncommand workflow automation"}, {"cpeName": "netapp:oncommand_insight", "version": "-", "operator": "eq", "name": "netapp oncommand insight"}, {"cpeName": "netapp:active_iq_unified_manager", "version": "-", "operator": "eq", "name": "netapp active iq unified manager"}, {"cpeName": "mariadb:mariadb", "version": "10.5.10", "operator": "lt", "name": "mariadb"}, {"cpeName": "mariadb:mariadb", "version": "10.2.38", "operator": "lt", "name": "mariadb"}, {"cpeName": "mariadb:mariadb", "version": "10.3.29", "operator": "lt", "name": "mariadb"}, {"cpeName": "mariadb:mariadb", "version": "10.4.19", "operator": "lt", "name": "mariadb"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:mysql:5.7.37:*:*:*:*:*:*:*", "versionStartIncluding": "5.7.0", "versionEndIncluding": "5.7.37", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:oracle:mysql:8.0.28:*:*:*:*:*:*:*", "versionStartIncluding": "8.0.0", "versionEndIncluding": "8.0.28", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "cpe_name": []}]}, {"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:10.5.10:*:*:*:*:*:*:*", "versionStartIncluding": "10.5.0", "versionEndExcluding": "10.5.10", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:10.2.38:*:*:*:*:*:*:*", "versionStartIncluding": "10.2.0", "versionEndExcluding": "10.2.38", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:10.3.29:*:*:*:*:*:*:*", "versionStartIncluding": "10.3.0", "versionEndExcluding": "10.3.29", "cpe_name": []}, {"vulnerable": true, "cpe23Uri": "cpe:2.3:a:mariadb:mariadb:10.4.19:*:*:*:*:*:*:*", "versionStartIncluding": "10.4.0", "versionEndExcluding": "10.4.19", "cpe_name": []}]}]}, "extraReferences": [{"url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "tags": ["Vendor Advisory"]}, {"url": "https://security.netapp.com/advisory/ntap-20220429-0005/", "name": "https://security.netapp.com/advisory/ntap-20220429-0005/", "refsource": "CONFIRM", "tags": ["Third Party Advisory"]}], "product_info": [{"vendor": "Oracle Corporation", "product": "MySQL Server"}], "solutions": [], "workarounds": [], "impacts": [], "problemTypes": [{"descriptions": [{"description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.", "lang": "en", "type": "text"}]}], "exploits": [], "assigned": "1976-01-01T00:00:00"}

{"veracode": [{"lastseen": "2023-06-14T14:18:42", "description": "rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the `InnoDB` component, allowing an attacker to cause an application crash through the multiple protocols. \n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-10T00:30:01", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21451"], "modified": "2022-11-17T03:11:16", "id": "VERACODE:37940", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37940/summary", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P"}}], "mariadbunix": [{"lastseen": "2023-09-13T21:26:06", "description": "**Disclaimer**:\n_This data contains information about vulnerable...", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-19T21:15:00", "type": "mariadbunix", "title": "CVE-2022-21451", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21451"], "modified": "2022-09-21T19:57:00", "id": "MARIA:CVE-2022-21451", "href": "", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P"}, "privateArea": 1}], "prion": [{"lastseen": "2023-08-15T15:42:21", "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-19T21:15:00", "type": "prion", "title": "CVE-2022-21451", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21451"], "modified": "2022-09-21T19:57:00", "id": "PRION:CVE-2022-21451", "href": "https://kb.prio-n.com/vulnerability/CVE-2022-21451", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P"}}], "redhatcve": [{"lastseen": "2023-06-14T14:55:33", "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-06T16:55:55", "type": "redhatcve", "title": "CVE-2022-21451", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21451"], "modified": "2023-04-06T08:51:21", "id": "RH:CVE-2022-21451", "href": "https://access.redhat.com/security/cve/cve-2022-21451", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-08-09T15:26:13", "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component:\nInnoDB). Supported versions that are affected are 5.7.37 and prior and\n8.0.28 and prior. Difficult to exploit vulnerability allows high privileged\nattacker with network access via multiple protocols to compromise MySQL\nServer. Successful attacks of this vulnerability can result in unauthorized\nability to cause a hang or frequently repeatable crash (complete DOS) of\nMySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:\n(CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n#### Notes\n\nAuthor| Note \n---|--- \n[leosilva](<https://launchpad.net/~leosilva>) | since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored.\n", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-19T00:00:00", "type": "ubuntucve", "title": "CVE-2022-21451", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21451"], "modified": "2022-04-19T00:00:00", "id": "UB:CVE-2022-21451", "href": "https://ubuntu.com/security/CVE-2022-21451", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-06-14T14:38:43", "description": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "baseScore": 4.4, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-19T21:15:00", "type": "debiancve", "title": "CVE-2022-21451", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21451"], "modified": "2022-04-19T21:15:00", "id": "DEBIANCVE:CVE-2022-21451", "href": "https://security-tracker.debian.org/tracker/CVE-2022-21451", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-08-05T13:04:08", "description": "The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-21451 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21451)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-28T00:00:00", "type": "nessus", "title": "CBL Mariner 2.0 Security Update: mysql (CVE-2022-21451)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21451"], "modified": "2023-04-20T00:00:00", "cpe": ["p-cpe:/a:microsoft:cbl-mariner:mysql", "p-cpe:/a:microsoft:cbl-mariner:mysql-debuginfo", "p-cpe:/a:microsoft:cbl-mariner:mysql-devel", "x-cpe:/o:microsoft:cbl-mariner"], "id": "MARINER_MYSQL_CVE-2022-21451.NASL", "href": "https://www.tenable.com/plugins/nessus/173486", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173486);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\"CVE-2022-21451\");\n script_xref(name:\"IAVA\", value:\"2022-A-0168-S\");\n\n script_name(english:\"CBL Mariner 2.0 Security Update: mysql (CVE-2022-21451)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CBL Mariner host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected\nby a vulnerability as referenced in the CVE-2022-21451 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21451)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2022-21451\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21451\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:mysql-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:microsoft:cbl-mariner\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MarinerOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CBLMariner/release\", \"Host/CBLMariner/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CBLMariner/release');\nif (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');\nvar os_ver = pregmatch(pattern: \"CBL-Mariner ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);\n\nif (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu)\n audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);\n\nvar pkgs = [\n {'reference':'mysql-8.0.29-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.29-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-debuginfo-8.0.29-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-debuginfo-8.0.29-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.29-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.29-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mysql / mysql-debuginfo / mysql-devel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:27:51", "description": "The version of MariaDB installed on the remote host is prior to 10.3.29. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10329-release-notes advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2154)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2166)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-27T00:00:00", "type": "nessus", "title": "MariaDB 10.3.0 < 10.3.29 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2022-21451"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_3_29.NASL", "href": "https://www.tenable.com/plugins/nessus/149030", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149030);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2021-2154\", \"CVE-2021-2166\", \"CVE-2022-21451\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"MariaDB 10.3.0 < 10.3.29 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.3.29. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-10329-release-notes advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-2154)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-2166)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10329-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.3.29 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-2166\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/27\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('mysql_version.inc');\n\nmysql_check_version(variant: 'MariaDB', min:'10.3.0-MariaDB', fixed:make_list('10.3.29-MariaDB'), severity:SECURITY_WARNING);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:29:07", "description": "The version of MariaDB installed on the remote host is prior to 10.4.19. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10419-release-notes advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2154)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2166)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-05-03T00:00:00", "type": "nessus", "title": "MariaDB 10.4.0 < 10.4.19 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2022-21451"], "modified": "2022-12-06T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_4_19.NASL", "href": "https://www.tenable.com/plugins/nessus/149238", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149238);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/06\");\n\n script_cve_id(\"CVE-2021-2154\", \"CVE-2021-2166\", \"CVE-2022-21451\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"MariaDB 10.4.0 < 10.4.19 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.4.19. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-10419-release-notes advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-2154)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-2166)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10419-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.4.19 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-2166\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/03\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('mysql_version.inc');\n\nmysql_check_version(variant: 'MariaDB', min:'10.4.0-MariaDB', fixed:make_list('10.4.19-MariaDB'), severity:SECURITY_WARNING);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:08:18", "description": "The version of MariaDB installed on the remote host is prior to 10.5.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10510-release-notes advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2154)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2166)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-27T00:00:00", "type": "nessus", "title": "MariaDB 10.5.0 < 10.5.10 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2022-21451"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_5_10.NASL", "href": "https://www.tenable.com/plugins/nessus/149031", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149031);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\"CVE-2021-2154\", \"CVE-2021-2166\", \"CVE-2022-21451\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"MariaDB 10.5.0 < 10.5.10 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.5.10. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-10510-release-notes advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-2154)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-2166)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10510-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.5.10 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-2166\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/27\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('mysql_version.inc');\n\nmysql_check_version(variant: 'MariaDB', min:'10.5.0-MariaDB', fixed:make_list('10.5.10-MariaDB'), severity:SECURITY_WARNING);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:08:14", "description": "The version of MariaDB installed on the remote host is prior to 10.2.38. It is, therefore, affected by multiple vulnerabilities as referenced in the mariadb-10238-release-notes advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2154)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2166)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2180)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-04-27T00:00:00", "type": "nessus", "title": "MariaDB 10.2.0 < 10.2.38 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2180", "CVE-2022-21451"], "modified": "2022-12-07T00:00:00", "cpe": ["cpe:/a:mariadb:mariadb"], "id": "MARIADB_10_2_38.NASL", "href": "https://www.tenable.com/plugins/nessus/149002", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149002);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/07\");\n\n script_cve_id(\n \"CVE-2021-2154\",\n \"CVE-2021-2166\",\n \"CVE-2021-2180\",\n \"CVE-2022-21451\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"MariaDB 10.2.0 < 10.2.38 Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of MariaDB installed on the remote host is prior to 10.2.38. It is, therefore, affected by multiple\nvulnerabilities as referenced in the mariadb-10238-release-notes advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.7.33 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-2154)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-2166)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-2180)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://mariadb.com/kb/en/mariadb-10238-release-notes\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MariaDB version 10.2.38 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-2180\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/27\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:mariadb:mariadb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('mysql_version.inc');\n\nmysql_check_version(variant: 'MariaDB', min:'10.2.0-MariaDB', fixed:make_list('10.2.38-MariaDB'), severity:SECURITY_WARNING);", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-19T15:09:10", "description": "The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5400-2 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21417)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21427)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21444)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21451)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21454)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2022-21460)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-04T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : MySQL vulnerabilities (USN-5400-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21417", "CVE-2022-21427", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21454", "CVE-2022-21460"], "modified": "2023-07-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libmysqlclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libmysqlclient20", "p-cpe:/a:canonical:ubuntu_linux:libmysqld-dev", "p-cpe:/a:canonical:ubuntu_linux:mysql-client", "p-cpe:/a:canonical:ubuntu_linux:mysql-client-5.7", "p-cpe:/a:canonical:ubuntu_linux:mysql-client-core-5.7", "p-cpe:/a:canonical:ubuntu_linux:mysql-common", "p-cpe:/a:canonical:ubuntu_linux:mysql-server", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-core-5.7", "p-cpe:/a:canonical:ubuntu_linux:mysql-source-5.7", "p-cpe:/a:canonical:ubuntu_linux:mysql-testsuite", "p-cpe:/a:canonical:ubuntu_linux:mysql-testsuite-5.7"], "id": "UBUNTU_USN-5400-2.NASL", "href": "https://www.tenable.com/plugins/nessus/160507", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5400-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160507);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/10\");\n\n script_cve_id(\n \"CVE-2022-21417\",\n \"CVE-2022-21427\",\n \"CVE-2022-21444\",\n \"CVE-2022-21451\",\n \"CVE-2022-21454\",\n \"CVE-2022-21460\"\n );\n script_xref(name:\"USN\", value:\"5400-2\");\n script_xref(name:\"IAVA\", value:\"2022-A-0168-S\");\n\n script_name(english:\"Ubuntu 16.04 LTS : MySQL vulnerabilities (USN-5400-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5400-2 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21417)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21427)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows\n high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21444)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21451)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21454)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows\n high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized access to critical data or complete access to all\n MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2022-21460)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5400-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21460\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqld-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-client-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-client-core-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-core-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-source-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-testsuite-5.7\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'libmysqlclient-dev', 'pkgver': '5.7.38-0ubuntu0.16.04.1+esm1'},\n {'osver': '16.04', 'pkgname': 'libmysqlclient20', 'pkgver': '5.7.38-0ubuntu0.16.04.1+esm1'},\n {'osver': '16.04', 'pkgname': 'libmysqld-dev', 'pkgver': '5.7.38-0ubuntu0.16.04.1+esm1'},\n {'osver': '16.04', 'pkgname': 'mysql-client', 'pkgver': '5.7.38-0ubuntu0.16.04.1+esm1'},\n {'osver': '16.04', 'pkgname': 'mysql-client-5.7', 'pkgver': '5.7.38-0ubuntu0.16.04.1+esm1'},\n {'osver': '16.04', 'pkgname': 'mysql-client-core-5.7', 'pkgver': '5.7.38-0ubuntu0.16.04.1+esm1'},\n {'osver': '16.04', 'pkgname': 'mysql-common', 'pkgver': '5.7.38-0ubuntu0.16.04.1+esm1'},\n {'osver': '16.04', 'pkgname': 'mysql-server', 'pkgver': '5.7.38-0ubuntu0.16.04.1+esm1'},\n {'osver': '16.04', 'pkgname': 'mysql-server-5.7', 'pkgver': '5.7.38-0ubuntu0.16.04.1+esm1'},\n {'osver': '16.04', 'pkgname': 'mysql-server-core-5.7', 'pkgver': '5.7.38-0ubuntu0.16.04.1+esm1'},\n {'osver': '16.04', 'pkgname': 'mysql-source-5.7', 'pkgver': '5.7.38-0ubuntu0.16.04.1+esm1'},\n {'osver': '16.04', 'pkgname': 'mysql-testsuite', 'pkgver': '5.7.38-0ubuntu0.16.04.1+esm1'},\n {'osver': '16.04', 'pkgname': 'mysql-testsuite-5.7', 'pkgver': '5.7.38-0ubuntu0.16.04.1+esm1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libmysqlclient-dev / libmysqlclient20 / libmysqld-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:43", "description": "The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2022 CPU advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)).\n Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-0778)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 5.7.37 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21454)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-20T00:00:00", "type": "nessus", "title": "Oracle MySQL Server (Apr 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0778", "CVE-2022-21417", "CVE-2022-21427", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21454", "CVE-2022-21460"], "modified": "2023-04-20T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_5_7_38.NASL", "href": "https://www.tenable.com/plugins/nessus/159976", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159976);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\n \"CVE-2022-0778\",\n \"CVE-2022-21417\",\n \"CVE-2022-21427\",\n \"CVE-2022-21444\",\n \"CVE-2022-21451\",\n \"CVE-2022-21454\",\n \"CVE-2022-21460\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0168-S\");\n\n script_name(english:\"Oracle MySQL Server (Apr 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the\nApril 2022 CPU advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)).\n Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash\n (complete DOS) of MySQL Server. (CVE-2022-0778)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 5.7.37 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21454)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuapr2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the April 2022 Oracle Critical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:S/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21460\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('mysql_version.inc');\n\nmysql_check_version(fixed:'5.7.38', min:'5.7', severity:SECURITY_NOTE);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:12", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2022:1557 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154, CVE-2021-2166)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372, CVE-2021-2389)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n - mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n - mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n - mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n - mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-28T00:00:00", "type": "nessus", "title": "CentOS 8 : mariadb:10.5 (CESA-2022:1557)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46662", "CVE-2021-46666", "CVE-2021-46667", "CVE-2022-21451"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:judy"], "id": "CENTOS8_RHSA-2022-1557.NASL", "href": "https://www.tenable.com/plugins/nessus/160300", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2022:1557. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160300);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2021-2154\",\n \"CVE-2021-2166\",\n \"CVE-2021-2372\",\n \"CVE-2021-2389\",\n \"CVE-2021-35604\",\n \"CVE-2021-46657\",\n \"CVE-2021-46658\",\n \"CVE-2021-46662\",\n \"CVE-2021-46666\",\n \"CVE-2021-46667\",\n \"CVE-2022-21451\"\n );\n script_xref(name:\"RHSA\", value:\"2022:1557\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0333\");\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"CentOS 8 : mariadb:10.5 (CESA-2022:1557)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2022:1557 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154, CVE-2021-2166)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372, CVE-2021-2389)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n - mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n - mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n - mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n - mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1557\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Judy package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:Judy\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'Judy-1.0.5-18.module_el8.4.0', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module_el8.4.0', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Judy');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:38:20", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1010 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154, CVE-2021-2166)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372, CVE-2021-2389)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n - mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n - mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n - mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n - mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21451)\n\n - mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join (CVE-2022-27385)\n\n - mariadb: improper locking due to unreleased lock in the ds_xbstream.cc (CVE-2022-31621)\n\n - mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c (CVE-2022-31624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-23T00:00:00", "type": "nessus", "title": "RHEL 7 : rh-mariadb103-mariadb (RHSA-2022:1010)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46662", "CVE-2021-46666", "CVE-2021-46667", "CVE-2022-21451", "CVE-2022-27385", "CVE-2022-31621", "CVE-2022-31624"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-galera", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-backup", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-backup-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-common", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-config", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-config-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-connect-engine", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-devel", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-errmsg", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-gssapi-server", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-oqgraph-engine", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-server", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-server-galera", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-server-galera-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-server-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-server-utils", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-server-utils-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-test"], "id": "REDHAT-RHSA-2022-1010.NASL", "href": "https://www.tenable.com/plugins/nessus/159167", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1010. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159167);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2021-2154\",\n \"CVE-2021-2166\",\n \"CVE-2021-2372\",\n \"CVE-2021-2389\",\n \"CVE-2021-35604\",\n \"CVE-2021-46657\",\n \"CVE-2021-46662\",\n \"CVE-2021-46666\",\n \"CVE-2021-46667\"\n );\n script_xref(name:\"RHSA\", value:\"2022:1010\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0333\");\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 7 : rh-mariadb103-mariadb (RHSA-2022:1010)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1010 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154, CVE-2021-2166)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372, CVE-2021-2389)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n - mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n - mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n - mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n - mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21451)\n\n - mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join (CVE-2022-27385)\n\n - mariadb: improper locking due to unreleased lock in the ds_xbstream.cc (CVE-2022-31621)\n\n - mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c\n (CVE-2022-31624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1010\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1992303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1992309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092362\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 89, 190, 404, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-backup-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-config-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-connect-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-server-galera-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-server-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-server-utils-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb103-mariadb-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/os',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-mariadb103-galera-25.3.34-4.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mariadb103-galera-25.3.34-4.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mariadb103-galera-25.3.34-4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mariadb103-mariadb-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-backup-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-backup-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-backup-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-backup-syspaths-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-backup-syspaths-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-backup-syspaths-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-common-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-common-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-common-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-config-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-config-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-config-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-config-syspaths-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-config-syspaths-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-config-syspaths-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-connect-engine-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-connect-engine-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-connect-engine-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-devel-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-devel-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-devel-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-errmsg-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-errmsg-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-errmsg-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-gssapi-server-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-gssapi-server-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-gssapi-server-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-oqgraph-engine-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-oqgraph-engine-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-oqgraph-engine-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-galera-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-galera-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-galera-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-galera-syspaths-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-galera-syspaths-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-galera-syspaths-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-syspaths-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-syspaths-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-syspaths-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-utils-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-utils-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-utils-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-utils-syspaths-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-utils-syspaths-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-server-utils-syspaths-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-syspaths-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-syspaths-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-syspaths-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-test-10.3.32-2.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-test-10.3.32-2.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb103-mariadb-test-10.3.32-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-mariadb103-galera / rh-mariadb103-mariadb / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:37:55", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1007 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154, CVE-2021-2166)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372, CVE-2021-2389)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n - mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n - mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n - mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n - mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21451)\n\n - mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join (CVE-2022-27385)\n\n - mariadb: improper locking due to unreleased lock in the ds_xbstream.cc (CVE-2022-31621)\n\n - mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c (CVE-2022-31624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-23T00:00:00", "type": "nessus", "title": "RHEL 7 : rh-mariadb105-mariadb (RHSA-2022:1007)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46662", "CVE-2021-46666", "CVE-2021-46667", "CVE-2022-21451", "CVE-2022-27385", "CVE-2022-31621", "CVE-2022-31624"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-galera", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-backup", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-backup-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-common", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-config", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-config-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-connect-engine", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-devel", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-errmsg", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-gssapi-server", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-libs", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-oqgraph-engine", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-pam", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-galera", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-galera-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-utils", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-utils-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-test"], "id": "REDHAT-RHSA-2022-1007.NASL", "href": "https://www.tenable.com/plugins/nessus/159169", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1007. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159169);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2021-2154\",\n \"CVE-2021-2166\",\n \"CVE-2021-2372\",\n \"CVE-2021-2389\",\n \"CVE-2021-35604\",\n \"CVE-2021-46657\",\n \"CVE-2021-46662\",\n \"CVE-2021-46666\",\n \"CVE-2021-46667\"\n );\n script_xref(name:\"RHSA\", value:\"2022:1007\");\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0333\");\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 7 : rh-mariadb105-mariadb (RHSA-2022:1007)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1007 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154, CVE-2021-2166)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372, CVE-2021-2389)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n - mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n - mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n - mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n - mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21451)\n\n - mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join (CVE-2022-27385)\n\n - mariadb: improper locking due to unreleased lock in the ds_xbstream.cc (CVE-2022-31621)\n\n - mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c\n (CVE-2022-31624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1007\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1992303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1992309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092362\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 89, 190, 404, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-backup-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-config-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-connect-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-galera-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-server-utils-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mariadb105-mariadb-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/os',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-mariadb105-galera-26.4.9-3.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mariadb105-galera-26.4.9-3.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mariadb105-galera-26.4.9-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mariadb105-mariadb-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-syspaths-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-syspaths-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-backup-syspaths-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-common-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-common-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-common-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-syspaths-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-syspaths-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-config-syspaths-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-connect-engine-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-connect-engine-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-connect-engine-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-devel-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-devel-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-devel-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-errmsg-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-errmsg-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-errmsg-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-gssapi-server-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-gssapi-server-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-gssapi-server-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-libs-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-libs-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-libs-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-oqgraph-engine-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-oqgraph-engine-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-oqgraph-engine-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-pam-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-pam-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-pam-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-syspaths-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-syspaths-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-galera-syspaths-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-syspaths-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-syspaths-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-syspaths-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-syspaths-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-syspaths-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-server-utils-syspaths-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-syspaths-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-syspaths-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-syspaths-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-test-10.5.13-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-test-10.5.13-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'rh-mariadb105-mariadb-test-10.5.13-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-mariadb105-galera / rh-mariadb105-mariadb / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:39:58", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1557 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154, CVE-2021-2166)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372, CVE-2021-2389)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n - mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n - mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n - mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n - mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21451)\n\n - mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join (CVE-2022-27385)\n\n - mariadb: improper locking due to unreleased lock in the ds_xbstream.cc (CVE-2022-31621)\n\n - mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c (CVE-2022-31624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-27T00:00:00", "type": "nessus", "title": "RHEL 8 : mariadb:10.5 (RHSA-2022:1557)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46662", "CVE-2021-46666", "CVE-2021-46667", "CVE-2022-21451", "CVE-2022-27385", "CVE-2022-31621", "CVE-2022-31624"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:judy", "p-cpe:/a:redhat:enterprise_linux:galera", "p-cpe:/a:redhat:enterprise_linux:mariadb", "p-cpe:/a:redhat:enterprise_linux:mariadb-backup", "p-cpe:/a:redhat:enterprise_linux:mariadb-common", "p-cpe:/a:redhat:enterprise_linux:mariadb-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-errmsg", "p-cpe:/a:redhat:enterprise_linux:mariadb-gssapi-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-oqgraph-engine", "p-cpe:/a:redhat:enterprise_linux:mariadb-pam", "p-cpe:/a:redhat:enterprise_linux:mariadb-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-server-galera", "p-cpe:/a:redhat:enterprise_linux:mariadb-server-utils", "p-cpe:/a:redhat:enterprise_linux:mariadb-test"], "id": "REDHAT-RHSA-2022-1557.NASL", "href": "https://www.tenable.com/plugins/nessus/160228", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1557. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160228);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2021-2154\",\n \"CVE-2021-2166\",\n \"CVE-2021-2372\",\n \"CVE-2021-2389\",\n \"CVE-2021-35604\",\n \"CVE-2021-46657\",\n \"CVE-2021-46658\",\n \"CVE-2021-46662\",\n \"CVE-2021-46666\",\n \"CVE-2021-46667\",\n \"CVE-2022-21451\",\n \"CVE-2022-27385\",\n \"CVE-2022-31621\",\n \"CVE-2022-31624\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0333\");\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n script_xref(name:\"RHSA\", value:\"2022:1557\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 8 : mariadb:10.5 (RHSA-2022:1557)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1557 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154, CVE-2021-2166)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372, CVE-2021-2389)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n - mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n - mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n - mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n - mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21451)\n\n - mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join (CVE-2022-27385)\n\n - mariadb: improper locking due to unreleased lock in the ds_xbstream.cc (CVE-2022-31621)\n\n - mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c\n (CVE-2022-31624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1992303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1992309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092362\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 89, 190, 404, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:Judy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-pam\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'mariadb:10.5': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'galera-26.4.9-4.module+el8.5.0+14125+d11efe18', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8.4.0+9031+9abc7af9', 'sp':'6', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.13-1.module+el8.5.0+14125+d11efe18', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.13-1.module+el8.5.0+14125+d11efe18', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.13-1.module+el8.5.0+14125+d11efe18', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.13-1.module+el8.5.0+14125+d11efe18', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.13-1.module+el8.5.0+14125+d11efe18', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.13-1.module+el8.5.0+14125+d11efe18', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.13-1.module+el8.5.0+14125+d11efe18', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.13-1.module+el8.5.0+14125+d11efe18', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.13-1.module+el8.5.0+14125+d11efe18', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.13-1.module+el8.5.0+14125+d11efe18', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.13-1.module+el8.5.0+14125+d11efe18', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.13-1.module+el8.5.0+14125+d11efe18', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.13-1.module+el8.5.0+14125+d11efe18', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.13-1.module+el8.5.0+14125+d11efe18', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'galera-26.4.9-4.module+el8.5.0+14125+d11efe18', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8.4.0+9031+9abc7af9', 'release':'8', 'el_string':'el8.4.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.5.13-1.module+el8.5.0+14125+d11efe18', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.5.13-1.module+el8.5.0+14125+d11efe18', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.5.13-1.module+el8.5.0+14125+d11efe18', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.5.13-1.module+el8.5.0+14125+d11efe18', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.5.13-1.module+el8.5.0+14125+d11efe18', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.5.13-1.module+el8.5.0+14125+d11efe18', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.5.13-1.module+el8.5.0+14125+d11efe18', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.5.13-1.module+el8.5.0+14125+d11efe18', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.5.13-1.module+el8.5.0+14125+d11efe18', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-pam-10.5.13-1.module+el8.5.0+14125+d11efe18', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.5.13-1.module+el8.5.0+14125+d11efe18', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.5.13-1.module+el8.5.0+14125+d11efe18', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.5.13-1.module+el8.5.0+14125+d11efe18', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.5.13-1.module+el8.5.0+14125+d11efe18', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mariadb');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\nif ('10.5' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mariadb:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.5');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Judy / galera / mariadb / mariadb-backup / mariadb-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:39:30", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1556 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154, CVE-2021-2166)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372, CVE-2021-2389)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n - mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n - mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n - mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n - mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21451)\n\n - mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join (CVE-2022-27385)\n\n - mariadb: improper locking due to unreleased lock in the ds_xbstream.cc (CVE-2022-31621)\n\n - mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c (CVE-2022-31624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-27T00:00:00", "type": "nessus", "title": "RHEL 8 : mariadb:10.3 (RHSA-2022:1556)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46662", "CVE-2021-46666", "CVE-2021-46667", "CVE-2022-21451", "CVE-2022-27385", "CVE-2022-31621", "CVE-2022-31624"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:judy", "p-cpe:/a:redhat:enterprise_linux:galera", "p-cpe:/a:redhat:enterprise_linux:mariadb", "p-cpe:/a:redhat:enterprise_linux:mariadb-backup", "p-cpe:/a:redhat:enterprise_linux:mariadb-common", "p-cpe:/a:redhat:enterprise_linux:mariadb-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded", "p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel", "p-cpe:/a:redhat:enterprise_linux:mariadb-errmsg", "p-cpe:/a:redhat:enterprise_linux:mariadb-gssapi-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-oqgraph-engine", "p-cpe:/a:redhat:enterprise_linux:mariadb-server", "p-cpe:/a:redhat:enterprise_linux:mariadb-server-galera", "p-cpe:/a:redhat:enterprise_linux:mariadb-server-utils", "p-cpe:/a:redhat:enterprise_linux:mariadb-test"], "id": "REDHAT-RHSA-2022-1556.NASL", "href": "https://www.tenable.com/plugins/nessus/160230", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:1556. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160230);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2021-2154\",\n \"CVE-2021-2166\",\n \"CVE-2021-2372\",\n \"CVE-2021-2389\",\n \"CVE-2021-35604\",\n \"CVE-2021-46657\",\n \"CVE-2021-46658\",\n \"CVE-2021-46662\",\n \"CVE-2021-46666\",\n \"CVE-2021-46667\",\n \"CVE-2022-21451\",\n \"CVE-2022-27385\",\n \"CVE-2022-31621\",\n \"CVE-2022-31624\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0193\");\n script_xref(name:\"IAVA\", value:\"2021-A-0333\");\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n script_xref(name:\"RHSA\", value:\"2022:1556\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2021-0025\");\n\n script_name(english:\"RHEL 8 : mariadb:10.3 (RHSA-2022:1556)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:1556 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154, CVE-2021-2166)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372, CVE-2021-2389)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n - mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n - mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n - mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n - mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21451)\n\n - mariadb: crash in Used_tables_and_const_cache::used_tables_and_const_cache_join (CVE-2022-27385)\n\n - mariadb: improper locking due to unreleased lock in the ds_xbstream.cc (CVE-2022-31621)\n\n - mariadb: DoS due to improper locking due to unreleased lock in plugin/server_audit/server_audit.c\n (CVE-2022-31624)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2154\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2389\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46662\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46666\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-46667\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27385\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-31624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:1556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951752\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1951755\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1992303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1992309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2049305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050028\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2050030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2075001\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2092362\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35604\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_cwe_id(20, 89, 190, 404, 667);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:Judy\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-backup\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-embedded-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-gssapi-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-oqgraph-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server-galera\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-server-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mariadb-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'mariadb:10.3': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'galera-25.3.34-4.module+el8.5.0+14124+14ced695', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8+2765+cfa4f87b', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.3.32-2.module+el8.5.0+14124+14ced695', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.3.32-2.module+el8.5.0+14124+14ced695', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.3.32-2.module+el8.5.0+14124+14ced695', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.3.32-2.module+el8.5.0+14124+14ced695', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.3.32-2.module+el8.5.0+14124+14ced695', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.3.32-2.module+el8.5.0+14124+14ced695', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.3.32-2.module+el8.5.0+14124+14ced695', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.3.32-2.module+el8.5.0+14124+14ced695', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.3.32-2.module+el8.5.0+14124+14ced695', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.3.32-2.module+el8.5.0+14124+14ced695', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.3.32-2.module+el8.5.0+14124+14ced695', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.3.32-2.module+el8.5.0+14124+14ced695', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.3.32-2.module+el8.5.0+14124+14ced695', 'sp':'6', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'galera-25.3.34-4.module+el8.5.0+14124+14ced695', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'Judy-1.0.5-18.module+el8+2765+cfa4f87b', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mariadb-10.3.32-2.module+el8.5.0+14124+14ced695', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-backup-10.3.32-2.module+el8.5.0+14124+14ced695', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-common-10.3.32-2.module+el8.5.0+14124+14ced695', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-devel-10.3.32-2.module+el8.5.0+14124+14ced695', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-10.3.32-2.module+el8.5.0+14124+14ced695', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-embedded-devel-10.3.32-2.module+el8.5.0+14124+14ced695', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-errmsg-10.3.32-2.module+el8.5.0+14124+14ced695', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-gssapi-server-10.3.32-2.module+el8.5.0+14124+14ced695', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-oqgraph-engine-10.3.32-2.module+el8.5.0+14124+14ced695', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-10.3.32-2.module+el8.5.0+14124+14ced695', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-galera-10.3.32-2.module+el8.5.0+14124+14ced695', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-server-utils-10.3.32-2.module+el8.5.0+14124+14ced695', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},\n {'reference':'mariadb-test-10.3.32-2.module+el8.5.0+14124+14ced695', 'release':'8', 'el_string':'el8.5.0', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mariadb');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.3');\nif ('10.3' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mariadb:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mariadb:10.3');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Judy / galera / mariadb / mariadb-backup / mariadb-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-19T15:09:53", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5400-1 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21452, CVE-2022-21462)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21413)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21415)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21417)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.\n CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2022-21418)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.\n CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). (CVE-2022-21423)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2022-21425)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21427)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2022-21440, CVE-2022-21459, CVE-2022-21478)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21444)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21451)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21454)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (CVE-2022-21457)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2022-21460)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-03T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS / 21.10 / 22.04 LTS : MySQL vulnerabilities (USN-5400-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478"], "modified": "2023-07-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:21.10", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:libmysqlclient-dev", "p-cpe:/a:canonical:ubuntu_linux:libmysqlclient20", "p-cpe:/a:canonical:ubuntu_linux:libmysqlclient21", "p-cpe:/a:canonical:ubuntu_linux:libmysqld-dev", "p-cpe:/a:canonical:ubuntu_linux:mysql-client", "p-cpe:/a:canonical:ubuntu_linux:mysql-client-5.7", "p-cpe:/a:canonical:ubuntu_linux:mysql-client-8.0", "p-cpe:/a:canonical:ubuntu_linux:mysql-client-core-5.7", "p-cpe:/a:canonical:ubuntu_linux:mysql-client-core-8.0", "p-cpe:/a:canonical:ubuntu_linux:mysql-router", "p-cpe:/a:canonical:ubuntu_linux:mysql-server", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-8.0", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-core-5.7", "p-cpe:/a:canonical:ubuntu_linux:mysql-server-core-8.0", "p-cpe:/a:canonical:ubuntu_linux:mysql-source-5.7", "p-cpe:/a:canonical:ubuntu_linux:mysql-source-8.0", "p-cpe:/a:canonical:ubuntu_linux:mysql-testsuite", "p-cpe:/a:canonical:ubuntu_linux:mysql-testsuite-5.7", "p-cpe:/a:canonical:ubuntu_linux:mysql-testsuite-8.0"], "id": "UBUNTU_USN-5400-1.NASL", "href": "https://www.tenable.com/plugins/nessus/160474", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5400-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160474);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/10\");\n\n script_cve_id(\n \"CVE-2022-21412\",\n \"CVE-2022-21413\",\n \"CVE-2022-21414\",\n \"CVE-2022-21415\",\n \"CVE-2022-21417\",\n \"CVE-2022-21418\",\n \"CVE-2022-21423\",\n \"CVE-2022-21425\",\n \"CVE-2022-21427\",\n \"CVE-2022-21435\",\n \"CVE-2022-21436\",\n \"CVE-2022-21437\",\n \"CVE-2022-21438\",\n \"CVE-2022-21440\",\n \"CVE-2022-21444\",\n \"CVE-2022-21451\",\n \"CVE-2022-21452\",\n \"CVE-2022-21454\",\n \"CVE-2022-21457\",\n \"CVE-2022-21459\",\n \"CVE-2022-21460\",\n \"CVE-2022-21462\",\n \"CVE-2022-21478\"\n );\n script_xref(name:\"USN\", value:\"5400-1\");\n script_xref(name:\"IAVA\", value:\"2022-A-0168-S\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS / 21.10 / 22.04 LTS : MySQL vulnerabilities (USN-5400-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.10 / 22.04 LTS host has packages installed that are affected by multiple\nvulnerabilities as referenced in the USN-5400-1 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435,\n CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21452, CVE-2022-21462)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21413)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21415)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21417)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.\n CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2022-21418)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.\n CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). (CVE-2022-21423)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2022-21425)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21427)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2022-21440, CVE-2022-21459, CVE-2022-21478)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows\n high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21444)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21451)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21454)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported\n versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server\n accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (CVE-2022-21457)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows\n high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized access to critical data or complete access to all\n MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2022-21460)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5400-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21478\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-21457\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:21.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient20\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqlclient21\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmysqld-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-client-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-client-8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-client-core-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-client-core-8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-router\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-core-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-server-core-8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-source-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-source-8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-testsuite\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-testsuite-5.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mysql-testsuite-8.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release || '21.10' >< os_release || '22.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04 / 21.10 / 22.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'libmysqlclient-dev', 'pkgver': '5.7.38-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libmysqlclient20', 'pkgver': '5.7.38-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'libmysqld-dev', 'pkgver': '5.7.38-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'mysql-client', 'pkgver': '5.7.38-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'mysql-client-5.7', 'pkgver': '5.7.38-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'mysql-client-core-5.7', 'pkgver': '5.7.38-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'mysql-server', 'pkgver': '5.7.38-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'mysql-server-5.7', 'pkgver': '5.7.38-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'mysql-server-core-5.7', 'pkgver': '5.7.38-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'mysql-source-5.7', 'pkgver': '5.7.38-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'mysql-testsuite', 'pkgver': '5.7.38-0ubuntu0.18.04.1'},\n {'osver': '18.04', 'pkgname': 'mysql-testsuite-5.7', 'pkgver': '5.7.38-0ubuntu0.18.04.1'},\n {'osver': '20.04', 'pkgname': 'libmysqlclient-dev', 'pkgver': '8.0.29-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'libmysqlclient21', 'pkgver': '8.0.29-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'mysql-client', 'pkgver': '8.0.29-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'mysql-client-8.0', 'pkgver': '8.0.29-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'mysql-client-core-8.0', 'pkgver': '8.0.29-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'mysql-router', 'pkgver': '8.0.29-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'mysql-server', 'pkgver': '8.0.29-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'mysql-server-8.0', 'pkgver': '8.0.29-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'mysql-server-core-8.0', 'pkgver': '8.0.29-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'mysql-source-8.0', 'pkgver': '8.0.29-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'mysql-testsuite', 'pkgver': '8.0.29-0ubuntu0.20.04.2'},\n {'osver': '20.04', 'pkgname': 'mysql-testsuite-8.0', 'pkgver': '8.0.29-0ubuntu0.20.04.2'},\n {'osver': '21.10', 'pkgname': 'libmysqlclient-dev', 'pkgver': '8.0.29-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'libmysqlclient21', 'pkgver': '8.0.29-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'mysql-client', 'pkgver': '8.0.29-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'mysql-client-8.0', 'pkgver': '8.0.29-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'mysql-client-core-8.0', 'pkgver': '8.0.29-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'mysql-router', 'pkgver': '8.0.29-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'mysql-server', 'pkgver': '8.0.29-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'mysql-server-8.0', 'pkgver': '8.0.29-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'mysql-server-core-8.0', 'pkgver': '8.0.29-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'mysql-source-8.0', 'pkgver': '8.0.29-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'mysql-testsuite', 'pkgver': '8.0.29-0ubuntu0.21.10.1'},\n {'osver': '21.10', 'pkgname': 'mysql-testsuite-8.0', 'pkgver': '8.0.29-0ubuntu0.21.10.1'},\n {'osver': '22.04', 'pkgname': 'libmysqlclient-dev', 'pkgver': '8.0.29-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'libmysqlclient21', 'pkgver': '8.0.29-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mysql-client', 'pkgver': '8.0.29-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mysql-client-8.0', 'pkgver': '8.0.29-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mysql-client-core-8.0', 'pkgver': '8.0.29-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mysql-router', 'pkgver': '8.0.29-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mysql-server', 'pkgver': '8.0.29-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mysql-server-8.0', 'pkgver': '8.0.29-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mysql-server-core-8.0', 'pkgver': '8.0.29-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mysql-source-8.0', 'pkgver': '8.0.29-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mysql-testsuite', 'pkgver': '8.0.29-0ubuntu0.22.04.1'},\n {'osver': '22.04', 'pkgname': 'mysql-testsuite-8.0', 'pkgver': '8.0.29-0ubuntu0.22.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libmysqlclient-dev / libmysqlclient20 / libmysqlclient21 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:02", "description": "The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2022, October 2022 and January 2023 CPU advisories.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)).\n Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-0778)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling (protobuf)).\n Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-22570)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21454)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-20T00:00:00", "type": "nessus", "title": "Oracle MySQL Server (Apr 2022 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-22570", "CVE-2022-0778", "CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21455", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21556", "CVE-2022-21605", "CVE-2022-21607", "CVE-2022-21866"], "modified": "2023-04-20T00:00:00", "cpe": ["cpe:/a:oracle:mysql"], "id": "MYSQL_8_0_29.NASL", "href": "https://www.tenable.com/plugins/nessus/159977", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159977);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\n \"CVE-2021-22570\",\n \"CVE-2022-0778\",\n \"CVE-2022-21412\",\n \"CVE-2022-21413\",\n \"CVE-2022-21414\",\n \"CVE-2022-21415\",\n \"CVE-2022-21417\",\n \"CVE-2022-21418\",\n \"CVE-2022-21423\",\n \"CVE-2022-21425\",\n \"CVE-2022-21427\",\n \"CVE-2022-21435\",\n \"CVE-2022-21436\",\n \"CVE-2022-21437\",\n \"CVE-2022-21438\",\n \"CVE-2022-21440\",\n \"CVE-2022-21444\",\n \"CVE-2022-21451\",\n \"CVE-2022-21452\",\n \"CVE-2022-21454\",\n \"CVE-2022-21455\",\n \"CVE-2022-21457\",\n \"CVE-2022-21459\",\n \"CVE-2022-21460\",\n \"CVE-2022-21462\",\n \"CVE-2022-21478\",\n \"CVE-2022-21479\",\n \"CVE-2022-21556\",\n \"CVE-2022-21605\",\n \"CVE-2022-21607\",\n \"CVE-2022-21866\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0121-S\");\n script_xref(name:\"IAVA\", value:\"2022-A-0168-S\");\n\n script_name(english:\"Oracle MySQL Server (Apr 2022 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities\");\n script_set_attribute(attribute:\"description\", value:\n\"The versions of MySQL Server installed on the remote host are affected by multiple vulnerabilities as referenced in the\nApril 2022, October 2022 and January 2023 CPU advisories.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging (OpenSSL)).\n Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability\n allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash\n (complete DOS) of MySQL Server. (CVE-2022-0778)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling (protobuf)).\n Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows\n unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-22570)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21454)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/docs/tech/security-alerts/cpuapr2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuapr2022.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpuoct2022cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpuoct2022.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/a/tech/docs/cpujan2023cvrf.xml\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.oracle.com/security-alerts/cpujan2023.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to MySQL version 8.0.29 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21479\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-21866\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/20\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:mysql\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"mysql_version.nasl\", \"mysql_login.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/mysql\", 3306);\n\n exit(0);\n}\n\ninclude('mysql_version.inc');\n\nmysql_check_version(fixed:'8.0.29', min:'8.0', severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:04", "description": "The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-6590 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21427)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21452, CVE-2022-21462)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21413)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.\n CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). (CVE-2022-21423)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2022-21440, CVE-2022-21459, CVE-2022-21478)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21451)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21454)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (CVE-2022-21457)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H). (CVE-2022-21479)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2022-21509, CVE-2022-21527, CVE-2022-21528)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21515)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21525, CVE-2022-21526, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21534)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21517, CVE-2022-21537)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). (CVE-2022-21556)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21415)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21417)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.\n CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2022-21418)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2022-21425)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21444)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N). (CVE-2022-21455)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2022-21460)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21522)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L). (CVE-2022-21538)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L).\n (CVE-2022-21539)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21547)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21569)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-22T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : mysql (ELSA-2022-6590)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21455", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21556", "CVE-2022-21569"], "modified": "2023-04-20T00:00:00", "cpe": ["cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:oracle:linux:mysql-common", "p-cpe:/a:oracle:linux:mysql-devel", "p-cpe:/a:oracle:linux:mysql-errmsg", "p-cpe:/a:oracle:linux:mysql-libs", "p-cpe:/a:oracle:linux:mysql-server", "p-cpe:/a:oracle:linux:mysql-test"], "id": "ORACLELINUX_ELSA-2022-6590.NASL", "href": "https://www.tenable.com/plugins/nessus/165314", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-6590.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165314);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\n \"CVE-2022-21412\",\n \"CVE-2022-21413\",\n \"CVE-2022-21414\",\n \"CVE-2022-21415\",\n \"CVE-2022-21417\",\n \"CVE-2022-21418\",\n \"CVE-2022-21423\",\n \"CVE-2022-21425\",\n \"CVE-2022-21427\",\n \"CVE-2022-21435\",\n \"CVE-2022-21436\",\n \"CVE-2022-21437\",\n \"CVE-2022-21438\",\n \"CVE-2022-21440\",\n \"CVE-2022-21444\",\n \"CVE-2022-21451\",\n \"CVE-2022-21452\",\n \"CVE-2022-21454\",\n \"CVE-2022-21455\",\n \"CVE-2022-21457\",\n \"CVE-2022-21459\",\n \"CVE-2022-21460\",\n \"CVE-2022-21462\",\n \"CVE-2022-21478\",\n \"CVE-2022-21479\",\n \"CVE-2022-21509\",\n \"CVE-2022-21515\",\n \"CVE-2022-21517\",\n \"CVE-2022-21522\",\n \"CVE-2022-21525\",\n \"CVE-2022-21526\",\n \"CVE-2022-21527\",\n \"CVE-2022-21528\",\n \"CVE-2022-21529\",\n \"CVE-2022-21530\",\n \"CVE-2022-21531\",\n \"CVE-2022-21534\",\n \"CVE-2022-21537\",\n \"CVE-2022-21538\",\n \"CVE-2022-21539\",\n \"CVE-2022-21547\",\n \"CVE-2022-21553\",\n \"CVE-2022-21556\",\n \"CVE-2022-21569\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0291\");\n script_xref(name:\"IAVA\", value:\"2022-A-0168-S\");\n\n script_name(english:\"Oracle Linux 9 : mysql (ELSA-2022-6590)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-6590 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21427)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435,\n CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21452, CVE-2022-21462)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21413)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.\n CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). (CVE-2022-21423)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2022-21440, CVE-2022-21459, CVE-2022-21478)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21451)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability\n impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21454)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported\n versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server\n accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). (CVE-2022-21457)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1\n Base Score 5.5 (Confidentiality and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H). (CVE-2022-21479)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2022-21509, CVE-2022-21527, CVE-2022-21528)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions\n that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21515)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21525, CVE-2022-21526, CVE-2022-21529,\n CVE-2022-21530, CVE-2022-21531, CVE-2022-21553)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21534)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21517, CVE-2022-21537)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized creation, deletion or modification access to critical data or all\n MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash\n (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). (CVE-2022-21556)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21415)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21417)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.\n CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2022-21418)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). (CVE-2022-21425)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows\n high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21444)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized creation, deletion or modification access to critical data or all\n MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N). (CVE-2022-21455)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows\n high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized access to critical data or complete access to all\n MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). (CVE-2022-21460)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21522)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service\n (partial DOS) of MySQL Server. CVSS 3.1 Base Score 3.1 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L). (CVE-2022-21538)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well\n as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause\n a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 5.0 (Confidentiality,\n Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L).\n (CVE-2022-21539)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported\n versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21547)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector:\n (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). (CVE-2022-21569)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-6590.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21479\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-21556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-test\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'mysql-8.0.30-3.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.30-3.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.30-3.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.30-3.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.30-3.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.30-3.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.30-3.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.30-3.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.30-3.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.30-3.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.30-3.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.30-3.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.30-3.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.30-3.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mysql / mysql-common / mysql-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:18", "description": "The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:6590 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : mysql (ALSA-2022:6590)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21455", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21556", "CVE-2022-21569"], "modified": "2022-11-17T00:00:00", "cpe": ["p-cpe:/a:alma:linux:mysql", "p-cpe:/a:alma:linux:mysql-common", "p-cpe:/a:alma:linux:mysql-devel", "p-cpe:/a:alma:linux:mysql-errmsg", "p-cpe:/a:alma:linux:mysql-libs", "p-cpe:/a:alma:linux:mysql-server", "p-cpe:/a:alma:linux:mysql-test", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::appstream", "cpe:/o:alma:linux:9::crb"], "id": "ALMA_LINUX_ALSA-2022-6590.NASL", "href": "https://www.tenable.com/plugins/nessus/167670", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:6590.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167670);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/17\");\n\n script_cve_id(\n \"CVE-2022-21412\",\n \"CVE-2022-21413\",\n \"CVE-2022-21414\",\n \"CVE-2022-21415\",\n \"CVE-2022-21417\",\n \"CVE-2022-21418\",\n \"CVE-2022-21423\",\n \"CVE-2022-21425\",\n \"CVE-2022-21427\",\n \"CVE-2022-21435\",\n \"CVE-2022-21436\",\n \"CVE-2022-21437\",\n \"CVE-2022-21438\",\n \"CVE-2022-21440\",\n \"CVE-2022-21444\",\n \"CVE-2022-21451\",\n \"CVE-2022-21452\",\n \"CVE-2022-21454\",\n \"CVE-2022-21455\",\n \"CVE-2022-21457\",\n \"CVE-2022-21459\",\n \"CVE-2022-21460\",\n \"CVE-2022-21462\",\n \"CVE-2022-21478\",\n \"CVE-2022-21479\",\n \"CVE-2022-21509\",\n \"CVE-2022-21515\",\n \"CVE-2022-21517\",\n \"CVE-2022-21522\",\n \"CVE-2022-21525\",\n \"CVE-2022-21526\",\n \"CVE-2022-21527\",\n \"CVE-2022-21528\",\n \"CVE-2022-21529\",\n \"CVE-2022-21530\",\n \"CVE-2022-21531\",\n \"CVE-2022-21534\",\n \"CVE-2022-21537\",\n \"CVE-2022-21538\",\n \"CVE-2022-21539\",\n \"CVE-2022-21547\",\n \"CVE-2022-21553\",\n \"CVE-2022-21556\",\n \"CVE-2022-21569\"\n );\n script_xref(name:\"ALSA\", value:\"2022:6590\");\n\n script_name(english:\"AlmaLinux 9 : mysql (ALSA-2022:6590)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:6590 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2022-6590.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21479\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-21556\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/09/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mysql-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::crb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'mysql-8.0.30-3.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.30-3.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.30-3.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.30-3.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.30-3.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.30-3.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.30-3.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.30-3.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.30-3.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.30-3.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.30-3.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.30-3.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.30-3.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.30-3.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mysql / mysql-common / mysql-devel / mysql-errmsg / mysql-libs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T18:31:55", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6590 advisory.\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022) (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2022) (CVE-2022-21413)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2022) (CVE-2022-21415)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21417, CVE-2022-21418, CVE-2022-21423, CVE-2022-21451)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2022) (CVE-2022-21425, CVE-2022-21444)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21454)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022) (CVE-2022-21455)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21457)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2022) (CVE-2022-21460)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022) (CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21556, CVE-2022-21569)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2022) (CVE-2022-21515)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2022) (CVE-2022-21517, CVE-2022-21537, CVE-2022-21539)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jul 2022) (CVE-2022-21522, CVE-2022-21534)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022) (CVE-2022-21538)\n\n - mysql: Server: Federated unspecified vulnerability (CPU Jul 2022) (CVE-2022-21547)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2022) (CVE-2022-21592)\n\n - mysql: Server: Data Dictionary unspecified vulnerability (CPU Oct 2022) (CVE-2022-21605)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21607, CVE-2022-21638, CVE-2022-21641)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21635)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21866, CVE-2023-21872)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-21T00:00:00", "type": "nessus", "title": "RHEL 9 : mysql (RHSA-2022:6590)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21455", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21556", "CVE-2022-21569", "CVE-2022-21592", "CVE-2022-21605", "CVE-2022-21607", "CVE-2022-21635", "CVE-2022-21638", "CVE-2022-21641", "CVE-2023-21866", "CVE-2023-21872"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "cpe:/o:redhat:rhel_aus:9.2", "cpe:/o:redhat:rhel_e4s:9.0", "cpe:/o:redhat:rhel_e4s:9.2", "cpe:/o:redhat:rhel_eus:9.0", "cpe:/o:redhat:rhel_eus:9.2", "p-cpe:/a:redhat:enterprise_linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql-common", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mysql-errmsg", "p-cpe:/a:redhat:enterprise_linux:mysql-libs", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "p-cpe:/a:redhat:enterprise_linux:mysql-test"], "id": "REDHAT-RHSA-2022-6590.NASL", "href": "https://www.tenable.com/plugins/nessus/165274", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6590. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165274);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2022-21412\",\n \"CVE-2022-21413\",\n \"CVE-2022-21414\",\n \"CVE-2022-21415\",\n \"CVE-2022-21417\",\n \"CVE-2022-21418\",\n \"CVE-2022-21423\",\n \"CVE-2022-21425\",\n \"CVE-2022-21427\",\n \"CVE-2022-21435\",\n \"CVE-2022-21436\",\n \"CVE-2022-21437\",\n \"CVE-2022-21438\",\n \"CVE-2022-21440\",\n \"CVE-2022-21444\",\n \"CVE-2022-21451\",\n \"CVE-2022-21452\",\n \"CVE-2022-21454\",\n \"CVE-2022-21455\",\n \"CVE-2022-21457\",\n \"CVE-2022-21459\",\n \"CVE-2022-21460\",\n \"CVE-2022-21462\",\n \"CVE-2022-21478\",\n \"CVE-2022-21479\",\n \"CVE-2022-21509\",\n \"CVE-2022-21515\",\n \"CVE-2022-21517\",\n \"CVE-2022-21522\",\n \"CVE-2022-21525\",\n \"CVE-2022-21526\",\n \"CVE-2022-21527\",\n \"CVE-2022-21528\",\n \"CVE-2022-21529\",\n \"CVE-2022-21530\",\n \"CVE-2022-21531\",\n \"CVE-2022-21534\",\n \"CVE-2022-21537\",\n \"CVE-2022-21538\",\n \"CVE-2022-21539\",\n \"CVE-2022-21547\",\n \"CVE-2022-21553\",\n \"CVE-2022-21556\",\n \"CVE-2022-21569\",\n \"CVE-2022-21592\",\n \"CVE-2022-21605\",\n \"CVE-2022-21607\",\n \"CVE-2022-21635\",\n \"CVE-2022-21638\",\n \"CVE-2022-21641\",\n \"CVE-2023-21866\",\n \"CVE-2023-21872\"\n );\n script_xref(name:\"IAVA\", value:\"2022-A-0291\");\n script_xref(name:\"RHSA\", value:\"2022:6590\");\n script_xref(name:\"IAVA\", value:\"2022-A-0168-S\");\n\n script_name(english:\"RHEL 9 : mysql (RHSA-2022:6590)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:6590 advisory.\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022) (CVE-2022-21412, CVE-2022-21414,\n CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452,\n CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2022) (CVE-2022-21413)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2022) (CVE-2022-21415)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21417, CVE-2022-21418, CVE-2022-21423,\n CVE-2022-21451)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2022) (CVE-2022-21425, CVE-2022-21444)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21454)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022) (CVE-2022-21455)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21457)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2022) (CVE-2022-21460)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022) (CVE-2022-21509, CVE-2022-21525,\n CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531,\n CVE-2022-21553, CVE-2022-21556, CVE-2022-21569)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2022) (CVE-2022-21515)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2022) (CVE-2022-21517, CVE-2022-21537, CVE-2022-21539)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jul 2022) (CVE-2022-21522, CVE-2022-21534)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022) (CVE-2022-21538)\n\n - mysql: Server: Federated unspecified vulnerability (CPU Jul 2022) (CVE-2022-21547)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2022) (CVE-2022-21592)\n\n - mysql: Server: Data Dictionary unspecified vulnerability (CPU Oct 2022) (CVE-2022-21605)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21607, CVE-2022-21638,\n CVE-2022-21641)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21635)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21866, CVE-2023-21872)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21417\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21531\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21569\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-21866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-21872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:6590\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2162273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2162279\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21479\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-21635\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:9.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel9/9.2/x86_64/appstream/debug',\n 'content/aus/rhel9/9.2/x86_64/appstream/os',\n 'content/aus/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel9/9.2/x86_64/baseos/debug',\n 'content/aus/rhel9/9.2/x86_64/baseos/os',\n 'content/aus/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/appstream/debug',\n 'content/e4s/rhel9/9.2/aarch64/appstream/os',\n 'content/e4s/rhel9/9.2/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/baseos/debug',\n 'content/e4s/rhel9/9.2/aarch64/baseos/os',\n 'content/e4s/rhel9/9.2/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/debug',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/os',\n 'content/e4s/rhel9/9.2/aarch64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/debug',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/os',\n 'content/e4s/rhel9/9.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/debug',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/os',\n 'content/e4s/rhel9/9.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/os',\n 'content/e4s/rhel9/9.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/os',\n 'content/e4s/rhel9/9.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel9/9.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.2/ppc64le/sap/debug',\n 'content/e4s/rhel9/9.2/ppc64le/sap/os',\n 'content/e4s/rhel9/9.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/appstream/debug',\n 'content/e4s/rhel9/9.2/s390x/appstream/os',\n 'content/e4s/rhel9/9.2/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/baseos/debug',\n 'content/e4s/rhel9/9.2/s390x/baseos/os',\n 'content/e4s/rhel9/9.2/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/highavailability/debug',\n 'content/e4s/rhel9/9.2/s390x/highavailability/os',\n 'content/e4s/rhel9/9.2/s390x/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/s390x/resilientstorage/os',\n 'content/e4s/rhel9/9.2/s390x/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/s390x/sap/debug',\n 'content/e4s/rhel9/9.2/s390x/sap/os',\n 'content/e4s/rhel9/9.2/s390x/sap/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/appstream/debug',\n 'content/e4s/rhel9/9.2/x86_64/appstream/os',\n 'content/e4s/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/baseos/debug',\n 'content/e4s/rhel9/9.2/x86_64/baseos/os',\n 'content/e4s/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/debug',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/os',\n 'content/e4s/rhel9/9.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/debug',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/os',\n 'content/e4s/rhel9/9.2/x86_64/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel9/9.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.2/x86_64/sap/debug',\n 'content/e4s/rhel9/9.2/x86_64/sap/os',\n 'content/e4s/rhel9/9.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/appstream/debug',\n 'content/eus/rhel9/9.2/aarch64/appstream/os',\n 'content/eus/rhel9/9.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/baseos/debug',\n 'content/eus/rhel9/9.2/aarch64/baseos/os',\n 'content/eus/rhel9/9.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/os',\n 'content/eus/rhel9/9.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/highavailability/debug',\n 'content/eus/rhel9/9.2/aarch64/highavailability/os',\n 'content/eus/rhel9/9.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/aarch64/supplementary/debug',\n 'content/eus/rhel9/9.2/aarch64/supplementary/os',\n 'content/eus/rhel9/9.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/appstream/debug',\n 'content/eus/rhel9/9.2/ppc64le/appstream/os',\n 'content/eus/rhel9/9.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/baseos/debug',\n 'content/eus/rhel9/9.2/ppc64le/baseos/os',\n 'content/eus/rhel9/9.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel9/9.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/debug',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/os',\n 'content/eus/rhel9/9.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel9/9.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel9/9.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/sap/debug',\n 'content/eus/rhel9/9.2/ppc64le/sap/os',\n 'content/eus/rhel9/9.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/debug',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/os',\n 'content/eus/rhel9/9.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/appstream/debug',\n 'content/eus/rhel9/9.2/s390x/appstream/os',\n 'content/eus/rhel9/9.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/baseos/debug',\n 'content/eus/rhel9/9.2/s390x/baseos/os',\n 'content/eus/rhel9/9.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/codeready-builder/debug',\n 'content/eus/rhel9/9.2/s390x/codeready-builder/os',\n 'content/eus/rhel9/9.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/highavailability/debug',\n 'content/eus/rhel9/9.2/s390x/highavailability/os',\n 'content/eus/rhel9/9.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/resilientstorage/debug',\n 'content/eus/rhel9/9.2/s390x/resilientstorage/os',\n 'content/eus/rhel9/9.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/sap/debug',\n 'content/eus/rhel9/9.2/s390x/sap/os',\n 'content/eus/rhel9/9.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/s390x/supplementary/debug',\n 'content/eus/rhel9/9.2/s390x/supplementary/os',\n 'content/eus/rhel9/9.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/appstream/debug',\n 'content/eus/rhel9/9.2/x86_64/appstream/os',\n 'content/eus/rhel9/9.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/baseos/debug',\n 'content/eus/rhel9/9.2/x86_64/baseos/os',\n 'content/eus/rhel9/9.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/os',\n 'content/eus/rhel9/9.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/highavailability/debug',\n 'content/eus/rhel9/9.2/x86_64/highavailability/os',\n 'content/eus/rhel9/9.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/os',\n 'content/eus/rhel9/9.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/os',\n 'content/eus/rhel9/9.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/sap/debug',\n 'content/eus/rhel9/9.2/x86_64/sap/os',\n 'content/eus/rhel9/9.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.2/x86_64/supplementary/debug',\n 'content/eus/rhel9/9.2/x86_64/supplementary/os',\n 'content/eus/rhel9/9.2/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mysql-8.0.30-3.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.30-3.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.30-3.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.30-3.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.30-3.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.30-3.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.30-3.el9_0', 'sp':'2', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel9/9/aarch64/appstream/debug',\n 'content/dist/rhel9/9/aarch64/appstream/os',\n 'content/dist/rhel9/9/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/baseos/debug',\n 'content/dist/rhel9/9/aarch64/baseos/os',\n 'content/dist/rhel9/9/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/codeready-builder/debug',\n 'content/dist/rhel9/9/aarch64/codeready-builder/os',\n 'content/dist/rhel9/9/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/highavailability/debug',\n 'content/dist/rhel9/9/aarch64/highavailability/os',\n 'content/dist/rhel9/9/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/supplementary/debug',\n 'content/dist/rhel9/9/aarch64/supplementary/os',\n 'content/dist/rhel9/9/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/appstream/debug',\n 'content/dist/rhel9/9/ppc64le/appstream/os',\n 'content/dist/rhel9/9/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/baseos/debug',\n 'content/dist/rhel9/9/ppc64le/baseos/os',\n 'content/dist/rhel9/9/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/debug',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/os',\n 'content/dist/rhel9/9/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/highavailability/debug',\n 'content/dist/rhel9/9/ppc64le/highavailability/os',\n 'content/dist/rhel9/9/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/debug',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/os',\n 'content/dist/rhel9/9/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/debug',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/os',\n 'content/dist/rhel9/9/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/sap/debug',\n 'content/dist/rhel9/9/ppc64le/sap/os',\n 'content/dist/rhel9/9/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel9/9/ppc64le/supplementary/debug',\n 'content/dist/rhel9/9/ppc64le/supplementary/os',\n 'content/dist/rhel9/9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/s390x/appstream/debug',\n 'content/dist/rhel9/9/s390x/appstream/os',\n 'content/dist/rhel9/9/s390x/appstream/source/SRPMS',\n 'content/dist/rhel9/9/s390x/baseos/debug',\n 'content/dist/rhel9/9/s390x/baseos/os',\n 'content/dist/rhel9/9/s390x/baseos/source/SRPMS',\n 'content/dist/rhel9/9/s390x/codeready-builder/debug',\n 'content/dist/rhel9/9/s390x/codeready-builder/os',\n 'content/dist/rhel9/9/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/s390x/highavailability/debug',\n 'content/dist/rhel9/9/s390x/highavailability/os',\n 'content/dist/rhel9/9/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/s390x/resilientstorage/debug',\n 'content/dist/rhel9/9/s390x/resilientstorage/os',\n 'content/dist/rhel9/9/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/s390x/sap/debug',\n 'content/dist/rhel9/9/s390x/sap/os',\n 'content/dist/rhel9/9/s390x/sap/source/SRPMS',\n 'content/dist/rhel9/9/s390x/supplementary/debug',\n 'content/dist/rhel9/9/s390x/supplementary/os',\n 'content/dist/rhel9/9/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/appstream/debug',\n 'content/dist/rhel9/9/x86_64/appstream/os',\n 'content/dist/rhel9/9/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/baseos/debug',\n 'content/dist/rhel9/9/x86_64/baseos/os',\n 'content/dist/rhel9/9/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/codeready-builder/debug',\n 'content/dist/rhel9/9/x86_64/codeready-builder/os',\n 'content/dist/rhel9/9/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/highavailability/debug',\n 'content/dist/rhel9/9/x86_64/highavailability/os',\n 'content/dist/rhel9/9/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/nfv/debug',\n 'content/dist/rhel9/9/x86_64/nfv/os',\n 'content/dist/rhel9/9/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/resilientstorage/debug',\n 'content/dist/rhel9/9/x86_64/resilientstorage/os',\n 'content/dist/rhel9/9/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/rt/debug',\n 'content/dist/rhel9/9/x86_64/rt/os',\n 'content/dist/rhel9/9/x86_64/rt/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap-solutions/debug',\n 'content/dist/rhel9/9/x86_64/sap-solutions/os',\n 'content/dist/rhel9/9/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap/debug',\n 'content/dist/rhel9/9/x86_64/sap/os',\n 'content/dist/rhel9/9/x86_64/sap/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/supplementary/debug',\n 'content/dist/rhel9/9/x86_64/supplementary/os',\n 'content/dist/rhel9/9/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mysql-8.0.30-3.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.30-3.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.30-3.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.30-3.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.30-3.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.30-3.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.30-3.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel9/9.0/aarch64/appstream/debug',\n 'content/e4s/rhel9/9.0/aarch64/appstream/os',\n 'content/e4s/rhel9/9.0/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/aarch64/baseos/debug',\n 'content/e4s/rhel9/9.0/aarch64/baseos/os',\n 'content/e4s/rhel9/9.0/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/debug',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/os',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/appstream/debug',\n 'content/e4s/rhel9/9.0/ppc64le/appstream/os',\n 'content/e4s/rhel9/9.0/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/baseos/debug',\n 'content/e4s/rhel9/9.0/ppc64le/baseos/os',\n 'content/e4s/rhel9/9.0/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/highavailability/debug',\n 'content/e4s/rhel9/9.0/ppc64le/highavailability/os',\n 'content/e4s/rhel9/9.0/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/ppc64le/resilientstorage/os',\n 'content/e4s/rhel9/9.0/ppc64le/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel9/9.0/ppc64le/sap-solutions/os',\n 'content/e4s/rhel9/9.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.0/ppc64le/sap/debug',\n 'content/e4s/rhel9/9.0/ppc64le/sap/os',\n 'content/e4s/rhel9/9.0/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/appstream/debug',\n 'content/e4s/rhel9/9.0/s390x/appstream/os',\n 'content/e4s/rhel9/9.0/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/baseos/debug',\n 'content/e4s/rhel9/9.0/s390x/baseos/os',\n 'content/e4s/rhel9/9.0/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/highavailability/debug',\n 'content/e4s/rhel9/9.0/s390x/highavailability/os',\n 'content/e4s/rhel9/9.0/s390x/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/os',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/sap/debug',\n 'content/e4s/rhel9/9.0/s390x/sap/os',\n 'content/e4s/rhel9/9.0/s390x/sap/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/appstream/debug',\n 'content/e4s/rhel9/9.0/x86_64/appstream/os',\n 'content/e4s/rhel9/9.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/baseos/debug',\n 'content/e4s/rhel9/9.0/x86_64/baseos/os',\n 'content/e4s/rhel9/9.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/debug',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/os',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/nfv/debug',\n 'content/e4s/rhel9/9.0/x86_64/nfv/os',\n 'content/e4s/rhel9/9.0/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/os',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/rt/debug',\n 'content/e4s/rhel9/9.0/x86_64/rt/os',\n 'content/e4s/rhel9/9.0/x86_64/rt/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/sap/debug',\n 'content/e4s/rhel9/9.0/x86_64/sap/os',\n 'content/e4s/rhel9/9.0/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/appstream/debug',\n 'content/eus/rhel9/9.0/aarch64/appstream/os',\n 'content/eus/rhel9/9.0/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/baseos/debug',\n 'content/eus/rhel9/9.0/aarch64/baseos/os',\n 'content/eus/rhel9/9.0/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/debug',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/os',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/highavailability/debug',\n 'content/eus/rhel9/9.0/aarch64/highavailability/os',\n 'content/eus/rhel9/9.0/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/supplementary/debug',\n 'content/eus/rhel9/9.0/aarch64/supplementary/os',\n 'content/eus/rhel9/9.0/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/appstream/debug',\n 'content/eus/rhel9/9.0/ppc64le/appstream/os',\n 'content/eus/rhel9/9.0/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/baseos/debug',\n 'content/eus/rhel9/9.0/ppc64le/baseos/os',\n 'content/eus/rhel9/9.0/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/codeready-builder/debug',\n 'content/eus/rhel9/9.0/ppc64le/codeready-builder/os',\n 'content/eus/rhel9/9.0/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/highavailability/debug',\n 'content/eus/rhel9/9.0/ppc64le/highavailability/os',\n 'content/eus/rhel9/9.0/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/resilientstorage/debug',\n 'content/eus/rhel9/9.0/ppc64le/resilientstorage/os',\n 'content/eus/rhel9/9.0/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/sap-solutions/debug',\n 'content/eus/rhel9/9.0/ppc64le/sap-solutions/os',\n 'content/eus/rhel9/9.0/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/sap/debug',\n 'content/eus/rhel9/9.0/ppc64le/sap/os',\n 'content/eus/rhel9/9.0/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/ppc64le/supplementary/debug',\n 'content/eus/rhel9/9.0/ppc64le/supplementary/os',\n 'content/eus/rhel9/9.0/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/appstream/debug',\n 'content/eus/rhel9/9.0/s390x/appstream/os',\n 'content/eus/rhel9/9.0/s390x/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/baseos/debug',\n 'content/eus/rhel9/9.0/s390x/baseos/os',\n 'content/eus/rhel9/9.0/s390x/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/debug',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/os',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/highavailability/debug',\n 'content/eus/rhel9/9.0/s390x/highavailability/os',\n 'content/eus/rhel9/9.0/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/debug',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/os',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/sap/debug',\n 'content/eus/rhel9/9.0/s390x/sap/os',\n 'content/eus/rhel9/9.0/s390x/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/supplementary/debug',\n 'content/eus/rhel9/9.0/s390x/supplementary/os',\n 'content/eus/rhel9/9.0/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/appstream/debug',\n 'content/eus/rhel9/9.0/x86_64/appstream/os',\n 'content/eus/rhel9/9.0/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/baseos/debug',\n 'content/eus/rhel9/9.0/x86_64/baseos/os',\n 'content/eus/rhel9/9.0/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/debug',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/os',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/highavailability/debug',\n 'content/eus/rhel9/9.0/x86_64/highavailability/os',\n 'content/eus/rhel9/9.0/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/debug',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/os',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/debug',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/os',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/sap/debug',\n 'content/eus/rhel9/9.0/x86_64/sap/os',\n 'content/eus/rhel9/9.0/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/supplementary/debug',\n 'content/eus/rhel9/9.0/x86_64/supplementary/os',\n 'content/eus/rhel9/9.0/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mysql-8.0.30-3.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.30-3.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.30-3.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.30-3.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.30-3.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.30-3.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.30-3.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mysql / mysql-common / mysql-devel / mysql-errmsg / mysql-libs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:49", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7119 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35596)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35602)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.\n (CVE-2021-35623)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. (CVE-2021-35624)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2021-35625)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35575, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21297)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. (CVE-2021-35630)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35631)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35632)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2021-35633)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21245)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2481)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35546)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via MySQL Protcol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35577)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2021-35597)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35607)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35608)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35610, CVE-2022-21278)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35612)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35622)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35637)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35639)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35640)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35648)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21256, CVE-2022-21379)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21265)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21270)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21301)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21253, CVE-2022-21264, CVE-2022-21339, CVE-2022-21342, CVE-2022-21370)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21344)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21352)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21362, CVE-2022-21374)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21367)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21368)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21249)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21254)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21302)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21303)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21304)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21348)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21351)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21358)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21372)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21378)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21452, CVE-2022-21462)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21413)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.\n (CVE-2022-21423)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21440, CVE-2022-21459, CVE-2022-21478)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21451)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21454)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. (CVE-2022-21457)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data.\n (CVE-2022-21479)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21509, CVE-2022-21527, CVE-2022-21528)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21515)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21525, CVE-2022-21526, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21534)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21517, CVE-2022-21537)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21415)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21417)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.\n (CVE-2022-21418)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21425)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21444)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. (CVE-2022-21460)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21522)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21538)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21539)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21547)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21569)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35604)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-27T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : mysql:8.0 (ELSA-2022-7119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2478", "CVE-2021-2479", "CVE-2021-2481", "CVE-2021-35546", "CVE-2021-35575", "CVE-2021-35577", "CVE-2021-35591", "CVE-2021-35596", "CVE-2021-35597", "CVE-2021-35602", "CVE-2021-35604", "CVE-2021-35607", "CVE-2021-35608", "CVE-2021-35610", "CVE-2021-35612", "CVE-2021-35622", "CVE-2021-35623", "CVE-2021-35624", "CVE-2021-35625", "CVE-2021-35626", "CVE-2021-35627", "CVE-2021-35628", "CVE-2021-35630", "CVE-2021-35631", "CVE-2021-35632", "CVE-2021-35633", "CVE-2021-35634", "CVE-2021-35635", "CVE-2021-35636", "CVE-2021-35637", "CVE-2021-35638", "CVE-2021-35639", "CVE-2021-35640", "CVE-2021-35641", "CVE-2021-35642", "CVE-2021-35643", "CVE-2021-35644", "CVE-2021-35645", "CVE-2021-35646", "CVE-2021-35647", "CVE-2021-35648", "CVE-2022-21245", "CVE-2022-21249", "CVE-2022-21253", "CVE-2022-21254", "CVE-2022-21256", "CVE-2022-21264", "CVE-2022-21265", "CVE-2022-21270", "CVE-2022-21278", "CVE-2022-21297", "CVE-2022-21301", "CVE-2022-21302", "CVE-2022-21303", "CVE-2022-21304", "CVE-2022-21339", "CVE-2022-21342", "CVE-2022-21344", "CVE-2022-21348", "CVE-2022-21351", "CVE-2022-21352", "CVE-2022-21358", "CVE-2022-21362", "CVE-2022-21367", "CVE-2022-21368", "CVE-2022-21370", "CVE-2022-21372", "CVE-2022-21374", "CVE-2022-21378", "CVE-2022-21379", "CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21569"], "modified": "2023-04-20T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:mecab", "p-cpe:/a:oracle:linux:mecab-ipadic", "p-cpe:/a:oracle:linux:mecab-ipadic-eucjp", "p-cpe:/a:oracle:linux:mysql", "p-cpe:/a:oracle:linux:mysql-common", "p-cpe:/a:oracle:linux:mysql-devel", "p-cpe:/a:oracle:linux:mysql-errmsg", "p-cpe:/a:oracle:linux:mysql-libs", "p-cpe:/a:oracle:linux:mysql-server", "p-cpe:/a:oracle:linux:mysql-test"], "id": "ORACLELINUX_ELSA-2022-7119.NASL", "href": "https://www.tenable.com/plugins/nessus/166610", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-7119.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166610);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\n \"CVE-2021-2478\",\n \"CVE-2021-2479\",\n \"CVE-2021-2481\",\n \"CVE-2021-35546\",\n \"CVE-2021-35575\",\n \"CVE-2021-35577\",\n \"CVE-2021-35591\",\n \"CVE-2021-35596\",\n \"CVE-2021-35597\",\n \"CVE-2021-35602\",\n \"CVE-2021-35604\",\n \"CVE-2021-35607\",\n \"CVE-2021-35608\",\n \"CVE-2021-35610\",\n \"CVE-2021-35612\",\n \"CVE-2021-35622\",\n \"CVE-2021-35623\",\n \"CVE-2021-35624\",\n \"CVE-2021-35625\",\n \"CVE-2021-35626\",\n \"CVE-2021-35627\",\n \"CVE-2021-35628\",\n \"CVE-2021-35630\",\n \"CVE-2021-35631\",\n \"CVE-2021-35632\",\n \"CVE-2021-35633\",\n \"CVE-2021-35634\",\n \"CVE-2021-35635\",\n \"CVE-2021-35636\",\n \"CVE-2021-35637\",\n \"CVE-2021-35638\",\n \"CVE-2021-35639\",\n \"CVE-2021-35640\",\n \"CVE-2021-35641\",\n \"CVE-2021-35642\",\n \"CVE-2021-35643\",\n \"CVE-2021-35644\",\n \"CVE-2021-35645\",\n \"CVE-2021-35646\",\n \"CVE-2021-35647\",\n \"CVE-2021-35648\",\n \"CVE-2022-21245\",\n \"CVE-2022-21249\",\n \"CVE-2022-21253\",\n \"CVE-2022-21254\",\n \"CVE-2022-21256\",\n \"CVE-2022-21264\",\n \"CVE-2022-21265\",\n \"CVE-2022-21270\",\n \"CVE-2022-21278\",\n \"CVE-2022-21297\",\n \"CVE-2022-21301\",\n \"CVE-2022-21302\",\n \"CVE-2022-21303\",\n \"CVE-2022-21304\",\n \"CVE-2022-21339\",\n \"CVE-2022-21342\",\n \"CVE-2022-21344\",\n \"CVE-2022-21348\",\n \"CVE-2022-21351\",\n \"CVE-2022-21352\",\n \"CVE-2022-21358\",\n \"CVE-2022-21362\",\n \"CVE-2022-21367\",\n \"CVE-2022-21368\",\n \"CVE-2022-21370\",\n \"CVE-2022-21372\",\n \"CVE-2022-21374\",\n \"CVE-2022-21378\",\n \"CVE-2022-21379\",\n \"CVE-2022-21412\",\n \"CVE-2022-21413\",\n \"CVE-2022-21414\",\n \"CVE-2022-21415\",\n \"CVE-2022-21417\",\n \"CVE-2022-21418\",\n \"CVE-2022-21423\",\n \"CVE-2022-21425\",\n \"CVE-2022-21427\",\n \"CVE-2022-21435\",\n \"CVE-2022-21436\",\n \"CVE-2022-21437\",\n \"CVE-2022-21438\",\n \"CVE-2022-21440\",\n \"CVE-2022-21444\",\n \"CVE-2022-21451\",\n \"CVE-2022-21452\",\n \"CVE-2022-21454\",\n \"CVE-2022-21457\",\n \"CVE-2022-21459\",\n \"CVE-2022-21460\",\n \"CVE-2022-21462\",\n \"CVE-2022-21478\",\n \"CVE-2022-21479\",\n \"CVE-2022-21509\",\n \"CVE-2022-21515\",\n \"CVE-2022-21517\",\n \"CVE-2022-21522\",\n \"CVE-2022-21525\",\n \"CVE-2022-21526\",\n \"CVE-2022-21527\",\n \"CVE-2022-21528\",\n \"CVE-2022-21529\",\n \"CVE-2022-21530\",\n \"CVE-2022-21531\",\n \"CVE-2022-21534\",\n \"CVE-2022-21537\",\n \"CVE-2022-21538\",\n \"CVE-2022-21539\",\n \"CVE-2022-21547\",\n \"CVE-2022-21553\",\n \"CVE-2022-21569\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n script_xref(name:\"IAVA\", value:\"2022-A-0291\");\n script_xref(name:\"IAVA\", value:\"2022-A-0030\");\n script_xref(name:\"IAVA\", value:\"2022-A-0168-S\");\n\n script_name(english:\"Oracle Linux 8 : mysql:8.0 (ELSA-2022-7119)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-7119 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35596)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions\n that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2021-35602)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.\n (CVE-2021-35623)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or\n modification access to critical data or all MySQL Server accessible data. (CVE-2021-35624)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server\n accessible data. (CVE-2021-35625)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35575, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634,\n CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643,\n CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21297)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions\n that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized creation, deletion or modification access to critical data or all\n MySQL Server accessible data. (CVE-2021-35630)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions\n that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35631)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35632)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions\n that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of\n MySQL Server. (CVE-2021-35633)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete\n access to some of MySQL Server accessible data. (CVE-2022-21245)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-2481)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35546)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via MySQL Protcol to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35577)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Client. (CVE-2021-35597)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35607)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-35608)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2021-35610, CVE-2022-21278)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2021-35612)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-35622)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that\n are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. (CVE-2021-35637)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35639)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2021-35640)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35648)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21256, CVE-2022-21379)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server\n accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL\n Server. (CVE-2022-21265)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported\n versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21270)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2022-21301)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21253, CVE-2022-21264, CVE-2022-21339, CVE-2022-21342, CVE-2022-21370)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21344)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server\n accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of\n MySQL Server. (CVE-2022-21352)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21362, CVE-2022-21374)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported\n versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to\n some of MySQL Server accessible data. (CVE-2022-21367)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL\n Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and\n unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21368)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of\n MySQL Server. (CVE-2022-21249)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21254)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. (CVE-2022-21302)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21303)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions\n that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21304)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. (CVE-2022-21348)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2022-21351)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21358)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service\n (partial DOS) of MySQL Server. (CVE-2022-21372)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2022-21378)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437,\n CVE-2022-21438, CVE-2022-21452, CVE-2022-21462)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21413)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.\n (CVE-2022-21423)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2022-21440, CVE-2022-21459, CVE-2022-21478)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21451)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21454)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported\n versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server\n accessible data. (CVE-2022-21457)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data.\n (CVE-2022-21479)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2022-21509, CVE-2022-21527, CVE-2022-21528)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions\n that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21515)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21525, CVE-2022-21526, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531,\n CVE-2022-21553)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21534)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. (CVE-2022-21517, CVE-2022-21537)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21415)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21417)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.\n (CVE-2022-21418)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2022-21425)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows\n high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21444)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows\n high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized access to critical data or complete access to all\n MySQL Server accessible data. (CVE-2022-21460)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21522)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service\n (partial DOS) of MySQL Server. (CVE-2022-21538)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well\n as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause\n a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21539)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported\n versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21547)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21569)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of\n MySQL Server accessible data. (CVE-2021-35604)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-7119.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21368\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-21351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mysql-test\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nvar appstreams = {\n 'mysql:8.0': [\n {'reference':'mecab-0.996-2.module+el8.6.0+20849+f637f661', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-0.996-2.module+el8.6.0+20849+f637f661', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.0.1.module+el8.0.0+5253+1dce7bb2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.30-1.module+el8.6.0+20849+f637f661', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.30-1.module+el8.6.0+20849+f637f661', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.30-1.module+el8.6.0+20849+f637f661', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.30-1.module+el8.6.0+20849+f637f661', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.30-1.module+el8.6.0+20849+f637f661', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.30-1.module+el8.6.0+20849+f637f661', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.30-1.module+el8.6.0+20849+f637f661', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.30-1.module+el8.6.0+20849+f637f661', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.30-1.module+el8.6.0+20849+f637f661', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.30-1.module+el8.6.0+20849+f637f661', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.30-1.module+el8.6.0+20849+f637f661', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.30-1.module+el8.6.0+20849+f637f661', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.30-1.module+el8.6.0+20849+f637f661', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.30-1.module+el8.6.0+20849+f637f661', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-ipadic / mecab-ipadic-EUCJP / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-08T04:52:09", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7119 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-2481)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35546)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35575, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21297)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via MySQL Protcol to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35577)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35596)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Client. (CVE-2021-35597)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35602)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35604)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35607)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35608)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35610, CVE-2022-21278)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35612)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35622)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.\n (CVE-2021-35623)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. (CVE-2021-35624)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. (CVE-2021-35625)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. (CVE-2021-35630)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35631)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35632)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2021-35633)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35637)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35639)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2021-35640)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35648)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21245)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21249)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21253, CVE-2022-21264, CVE-2022-21339, CVE-2022-21342, CVE-2022-21370)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21254)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21256, CVE-2022-21379)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21265)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21270)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21301)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21302)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21303)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21304)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21344)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21348)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21351)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21352)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21358)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21362, CVE-2022-21374)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21367)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21368)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21372)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21378)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21452, CVE-2022-21462)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21413)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21415)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21417)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.\n (CVE-2022-21418)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.\n (CVE-2022-21423)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21425)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21440, CVE-2022-21459, CVE-2022-21478)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21444)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21451)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21454)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. (CVE-2022-21457)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. (CVE-2022-21460)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data.\n (CVE-2022-21479)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. (CVE-2022-21509, CVE-2022-21527, CVE-2022-21528)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21515)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21517, CVE-2022-21537)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21522)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21525, CVE-2022-21526, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21534)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21538)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21539)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21547)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21569)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-25T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : mysql:8.0 (ALSA-2022:7119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2478", "CVE-2021-2479", "CVE-2021-2481", "CVE-2021-35546", "CVE-2021-35575", "CVE-2021-35577", "CVE-2021-35591", "CVE-2021-35596", "CVE-2021-35597", "CVE-2021-35602", "CVE-2021-35604", "CVE-2021-35607", "CVE-2021-35608", "CVE-2021-35610", "CVE-2021-35612", "CVE-2021-35622", "CVE-2021-35623", "CVE-2021-35624", "CVE-2021-35625", "CVE-2021-35626", "CVE-2021-35627", "CVE-2021-35628", "CVE-2021-35630", "CVE-2021-35631", "CVE-2021-35632", "CVE-2021-35633", "CVE-2021-35634", "CVE-2021-35635", "CVE-2021-35636", "CVE-2021-35637", "CVE-2021-35638", "CVE-2021-35639", "CVE-2021-35640", "CVE-2021-35641", "CVE-2021-35642", "CVE-2021-35643", "CVE-2021-35644", "CVE-2021-35645", "CVE-2021-35646", "CVE-2021-35647", "CVE-2021-35648", "CVE-2022-21245", "CVE-2022-21249", "CVE-2022-21253", "CVE-2022-21254", "CVE-2022-21256", "CVE-2022-21264", "CVE-2022-21265", "CVE-2022-21270", "CVE-2022-21278", "CVE-2022-21297", "CVE-2022-21301", "CVE-2022-21302", "CVE-2022-21303", "CVE-2022-21304", "CVE-2022-21339", "CVE-2022-21342", "CVE-2022-21344", "CVE-2022-21348", "CVE-2022-21351", "CVE-2022-21352", "CVE-2022-21358", "CVE-2022-21362", "CVE-2022-21367", "CVE-2022-21368", "CVE-2022-21370", "CVE-2022-21372", "CVE-2022-21374", "CVE-2022-21378", "CVE-2022-21379", "CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21569"], "modified": "2023-08-07T00:00:00", "cpe": ["cpe:/o:alma:linux:8", "cpe:/o:alma:linux:8::appstream", "p-cpe:/a:alma:linux:mecab-ipadic", "p-cpe:/a:alma:linux:mecab-ipadic-eucjp"], "id": "ALMA_LINUX_ALSA-2022-7119.NASL", "href": "https://www.tenable.com/plugins/nessus/166504", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7119.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166504);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/07\");\n\n script_cve_id(\n \"CVE-2021-2478\",\n \"CVE-2021-2479\",\n \"CVE-2021-2481\",\n \"CVE-2021-35546\",\n \"CVE-2021-35575\",\n \"CVE-2021-35577\",\n \"CVE-2021-35591\",\n \"CVE-2021-35596\",\n \"CVE-2021-35597\",\n \"CVE-2021-35602\",\n \"CVE-2021-35604\",\n \"CVE-2021-35607\",\n \"CVE-2021-35608\",\n \"CVE-2021-35610\",\n \"CVE-2021-35612\",\n \"CVE-2021-35622\",\n \"CVE-2021-35623\",\n \"CVE-2021-35624\",\n \"CVE-2021-35625\",\n \"CVE-2021-35626\",\n \"CVE-2021-35627\",\n \"CVE-2021-35628\",\n \"CVE-2021-35630\",\n \"CVE-2021-35631\",\n \"CVE-2021-35632\",\n \"CVE-2021-35633\",\n \"CVE-2021-35634\",\n \"CVE-2021-35635\",\n \"CVE-2021-35636\",\n \"CVE-2021-35637\",\n \"CVE-2021-35638\",\n \"CVE-2021-35639\",\n \"CVE-2021-35640\",\n \"CVE-2021-35641\",\n \"CVE-2021-35642\",\n \"CVE-2021-35643\",\n \"CVE-2021-35644\",\n \"CVE-2021-35645\",\n \"CVE-2021-35646\",\n \"CVE-2021-35647\",\n \"CVE-2021-35648\",\n \"CVE-2022-21245\",\n \"CVE-2022-21249\",\n \"CVE-2022-21253\",\n \"CVE-2022-21254\",\n \"CVE-2022-21256\",\n \"CVE-2022-21264\",\n \"CVE-2022-21265\",\n \"CVE-2022-21270\",\n \"CVE-2022-21278\",\n \"CVE-2022-21297\",\n \"CVE-2022-21301\",\n \"CVE-2022-21302\",\n \"CVE-2022-21303\",\n \"CVE-2022-21304\",\n \"CVE-2022-21339\",\n \"CVE-2022-21342\",\n \"CVE-2022-21344\",\n \"CVE-2022-21348\",\n \"CVE-2022-21351\",\n \"CVE-2022-21352\",\n \"CVE-2022-21358\",\n \"CVE-2022-21362\",\n \"CVE-2022-21367\",\n \"CVE-2022-21368\",\n \"CVE-2022-21370\",\n \"CVE-2022-21372\",\n \"CVE-2022-21374\",\n \"CVE-2022-21378\",\n \"CVE-2022-21379\",\n \"CVE-2022-21412\",\n \"CVE-2022-21413\",\n \"CVE-2022-21414\",\n \"CVE-2022-21415\",\n \"CVE-2022-21417\",\n \"CVE-2022-21418\",\n \"CVE-2022-21423\",\n \"CVE-2022-21425\",\n \"CVE-2022-21427\",\n \"CVE-2022-21435\",\n \"CVE-2022-21436\",\n \"CVE-2022-21437\",\n \"CVE-2022-21438\",\n \"CVE-2022-21440\",\n \"CVE-2022-21444\",\n \"CVE-2022-21451\",\n \"CVE-2022-21452\",\n \"CVE-2022-21454\",\n \"CVE-2022-21457\",\n \"CVE-2022-21459\",\n \"CVE-2022-21460\",\n \"CVE-2022-21462\",\n \"CVE-2022-21478\",\n \"CVE-2022-21479\",\n \"CVE-2022-21509\",\n \"CVE-2022-21515\",\n \"CVE-2022-21517\",\n \"CVE-2022-21522\",\n \"CVE-2022-21525\",\n \"CVE-2022-21526\",\n \"CVE-2022-21527\",\n \"CVE-2022-21528\",\n \"CVE-2022-21529\",\n \"CVE-2022-21530\",\n \"CVE-2022-21531\",\n \"CVE-2022-21534\",\n \"CVE-2022-21537\",\n \"CVE-2022-21538\",\n \"CVE-2022-21539\",\n \"CVE-2022-21547\",\n \"CVE-2022-21553\",\n \"CVE-2022-21569\"\n );\n script_xref(name:\"ALSA\", value:\"2022:7119\");\n\n script_name(english:\"AlmaLinux 8 : mysql:8.0 (ALSA-2022:7119)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:7119 advisory.\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-2481)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35546)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35575, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634,\n CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643,\n CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21297)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via MySQL Protcol to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35577)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Error Handling). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35596)\n\n - Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are\n affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Client. (CVE-2021-35597)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions\n that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2021-35602)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of\n MySQL Server accessible data. (CVE-2021-35604)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35607)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-35608)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2021-35610, CVE-2022-21278)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2021-35612)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2021-35622)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.\n (CVE-2021-35623)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 5.7.35 and prior and 8.0.26 and prior. Easily exploitable\n vulnerability allows high privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or\n modification access to critical data or all MySQL Server accessible data. (CVE-2021-35624)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server\n accessible data. (CVE-2021-35625)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions\n that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized creation, deletion or modification access to critical data or all\n MySQL Server accessible data. (CVE-2021-35630)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions\n that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35631)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. (CVE-2021-35632)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions\n that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of\n MySQL Server. (CVE-2021-35633)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that\n are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. (CVE-2021-35637)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35639)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2021-35640)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 8.0.26 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2021-35648)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).\n Supported versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete\n access to some of MySQL Server accessible data. (CVE-2022-21245)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of\n MySQL Server. (CVE-2022-21249)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21253, CVE-2022-21264, CVE-2022-21339, CVE-2022-21342, CVE-2022-21370)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21254)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21256, CVE-2022-21379)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server\n accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL\n Server. (CVE-2022-21265)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported\n versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21270)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2022-21301)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.27 and prior. Difficult to exploit vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. (CVE-2022-21302)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21303)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions\n that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21304)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21344)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. (CVE-2022-21348)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2022-21351)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server\n accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of\n MySQL Server. (CVE-2022-21352)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21358)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21362, CVE-2022-21374)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Compiling). Supported\n versions that are affected are 5.7.36 and prior and 8.0.27 and prior. Easily exploitable vulnerability\n allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.\n Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently\n repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to\n some of MySQL Server accessible data. (CVE-2022-21367)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL\n Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and\n unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21368)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service\n (partial DOS) of MySQL Server. (CVE-2022-21372)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2022-21378)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437,\n CVE-2022-21438, CVE-2022-21452, CVE-2022-21462)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions\n that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21413)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21415)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21417)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.\n (CVE-2022-21418)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server.\n (CVE-2022-21423)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker\n with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2022-21425)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21427)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2022-21440, CVE-2022-21459, CVE-2022-21478)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows\n high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21444)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21451)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin).\n Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable\n vulnerability allows low privileged attacker with network access via multiple protocols to compromise\n MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang\n or frequently repeatable crash (complete DOS) of MySQL Server. (CVE-2022-21454)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported\n versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server\n accessible data. (CVE-2022-21457)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions\n that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows\n high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized access to critical data or complete access to all\n MySQL Server accessible data. (CVE-2022-21460)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data.\n (CVE-2022-21479)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server\n accessible data. (CVE-2022-21509, CVE-2022-21527, CVE-2022-21528)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions\n that are affected are 5.7.38 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows high\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable\n crash (complete DOS) of MySQL Server. (CVE-2022-21515)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL\n Server. (CVE-2022-21517, CVE-2022-21537)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21522)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21525, CVE-2022-21526, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531,\n CVE-2022-21553)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Supported\n versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21534)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption).\n Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low\n privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful\n attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service\n (partial DOS) of MySQL Server. (CVE-2022-21538)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are\n affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with\n network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability\n can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well\n as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause\n a partial denial of service (partial DOS) of MySQL Server. (CVE-2022-21539)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Federated). Supported\n versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows high privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21547)\n\n - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported\n versions that are affected are 8.0.29 and prior. Easily exploitable vulnerability allows low privileged\n attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this\n vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete\n DOS) of MySQL Server. (CVE-2022-21569)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-7119.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21368\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-21351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::appstream\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar module_ver = get_kb_item('Host/AlmaLinux/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nvar appstreams = {\n 'mysql:8.0': [\n {'reference':'mecab-0.996-2.module_el8.6.0+3340+d764b636', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-0.996-2.module_el8.6.0+3340+d764b636', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module_el8.6.0+3340+d764b636', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module_el8.6.0+3340+d764b636', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module_el8.6.0+3340+d764b636', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module_el8.6.0+3340+d764b636', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.30-1.module_el8.6.0+3340+d764b636', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.30-1.module_el8.6.0+3340+d764b636', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.30-1.module_el8.6.0+3340+d764b636', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.30-1.module_el8.6.0+3340+d764b636', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.30-1.module_el8.6.0+3340+d764b636', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.30-1.module_el8.6.0+3340+d764b636', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.30-1.module_el8.6.0+3340+d764b636', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.30-1.module_el8.6.0+3340+d764b636', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.30-1.module_el8.6.0+3340+d764b636', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.30-1.module_el8.6.0+3340+d764b636', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.30-1.module_el8.6.0+3340+d764b636', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.30-1.module_el8.6.0+3340+d764b636', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.30-1.module_el8.6.0+3340+d764b636', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.30-1.module_el8.6.0+3340+d764b636', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/AlmaLinux/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-ipadic / mecab-ipadic-EUCJP / mysql / mysql-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T18:36:06", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7119 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Oct 2021) (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2021) (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2021) (CVE-2021-35546)\n\n - mysql: Server: Error Handling unspecified vulnerability (CPU Oct 2021) (CVE-2021-35596)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2021) (CVE-2021-35597)\n\n - mysql: Server: Options unspecified vulnerability (CPU Oct 2021) (CVE-2021-35602, CVE-2021-35630)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Oct 2021) (CVE-2021-35608)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2021) (CVE-2021-35622)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Oct 2021) (CVE-2021-35623)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2021) (CVE-2021-35624, CVE-2021-35625)\n\n - mysql: Server: GIS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35631)\n\n - mysql: Server: Data Dictionary unspecified vulnerability (CPU Oct 2021) (CVE-2021-35632)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Oct 2021) (CVE-2021-35633)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35637)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2021) (CVE-2021-35639)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2021) (CVE-2021-35640)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35648)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2022) (CVE-2022-21245)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2022) (CVE-2022-21249)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2022) (CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21265, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Jan 2022) (CVE-2022-21256, CVE-2022-21379)\n\n - mysql: Server: Federated unspecified vulnerability (CPU Jan 2022) (CVE-2022-21270)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2022) (CVE-2022-21301)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2022) (CVE-2022-21302, CVE-2022-21348, CVE-2022-21352)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jan 2022) (CVE-2022-21303)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2022) (CVE-2022-21304)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jan 2022) (CVE-2022-21344)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2022) (CVE-2022-21358, CVE-2022-21372)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2022) (CVE-2022-21362, CVE-2022-21374)\n\n - mysql: Server: Compiling unspecified vulnerability (CPU Jan 2022) (CVE-2022-21367)\n\n - mysql: Server: Components Services unspecified vulnerability (CPU Jan 2022) (CVE-2022-21368)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022) (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2022) (CVE-2022-21413)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2022) (CVE-2022-21415)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21417, CVE-2022-21418, CVE-2022-21423, CVE-2022-21451)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2022) (CVE-2022-21425, CVE-2022-21444)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21454)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022) (CVE-2022-21455)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21457)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2022) (CVE-2022-21460)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022) (CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21556, CVE-2022-21569)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2022) (CVE-2022-21515)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2022) (CVE-2022-21517, CVE-2022-21537, CVE-2022-21539)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jul 2022) (CVE-2022-21522, CVE-2022-21534)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022) (CVE-2022-21538)\n\n - mysql: Server: Federated unspecified vulnerability (CPU Jul 2022) (CVE-2022-21547)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2022) (CVE-2022-21592)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21600, CVE-2022-21607, CVE-2022-21638, CVE-2022-21641)\n\n - mysql: Server: Data Dictionary unspecified vulnerability (CPU Oct 2022) (CVE-2022-21605)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21635)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21866, CVE-2023-21872)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-26T00:00:00", "type": "nessus", "title": "RHEL 8 : mysql:8.0 (RHSA-2022:7119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2478", "CVE-2021-2479", "CVE-2021-2481", "CVE-2021-35546", "CVE-2021-35575", "CVE-2021-35577", "CVE-2021-35591", "CVE-2021-35596", "CVE-2021-35597", "CVE-2021-35602", "CVE-2021-35604", "CVE-2021-35607", "CVE-2021-35608", "CVE-2021-35610", "CVE-2021-35612", "CVE-2021-35622", "CVE-2021-35623", "CVE-2021-35624", "CVE-2021-35625", "CVE-2021-35626", "CVE-2021-35627", "CVE-2021-35628", "CVE-2021-35630", "CVE-2021-35631", "CVE-2021-35632", "CVE-2021-35633", "CVE-2021-35634", "CVE-2021-35635", "CVE-2021-35636", "CVE-2021-35637", "CVE-2021-35638", "CVE-2021-35639", "CVE-2021-35640", "CVE-2021-35641", "CVE-2021-35642", "CVE-2021-35643", "CVE-2021-35644", "CVE-2021-35645", "CVE-2021-35646", "CVE-2021-35647", "CVE-2021-35648", "CVE-2022-21245", "CVE-2022-21249", "CVE-2022-21253", "CVE-2022-21254", "CVE-2022-21256", "CVE-2022-21264", "CVE-2022-21265", "CVE-2022-21270", "CVE-2022-21278", "CVE-2022-21297", "CVE-2022-21301", "CVE-2022-21302", "CVE-2022-21303", "CVE-2022-21304", "CVE-2022-21339", "CVE-2022-21342", "CVE-2022-21344", "CVE-2022-21348", "CVE-2022-21351", "CVE-2022-21352", "CVE-2022-21358", "CVE-2022-21362", "CVE-2022-21367", "CVE-2022-21368", "CVE-2022-21370", "CVE-2022-21372", "CVE-2022-21374", "CVE-2022-21378", "CVE-2022-21379", "CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21455", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21556", "CVE-2022-21569", "CVE-2022-21592", "CVE-2022-21595", "CVE-2022-21600", "CVE-2022-21605", "CVE-2022-21607", "CVE-2022-21635", "CVE-2022-21638", "CVE-2022-21641", "CVE-2023-21866", "CVE-2023-21872"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:mecab", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic", "p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-eucjp", "p-cpe:/a:redhat:enterprise_linux:mysql", "p-cpe:/a:redhat:enterprise_linux:mysql-common", "p-cpe:/a:redhat:enterprise_linux:mysql-devel", "p-cpe:/a:redhat:enterprise_linux:mysql-errmsg", "p-cpe:/a:redhat:enterprise_linux:mysql-libs", "p-cpe:/a:redhat:enterprise_linux:mysql-server", "p-cpe:/a:redhat:enterprise_linux:mysql-test"], "id": "REDHAT-RHSA-2022-7119.NASL", "href": "https://www.tenable.com/plugins/nessus/166543", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7119. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166543);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2021-2478\",\n \"CVE-2021-2479\",\n \"CVE-2021-2481\",\n \"CVE-2021-35546\",\n \"CVE-2021-35575\",\n \"CVE-2021-35577\",\n \"CVE-2021-35591\",\n \"CVE-2021-35596\",\n \"CVE-2021-35597\",\n \"CVE-2021-35602\",\n \"CVE-2021-35604\",\n \"CVE-2021-35607\",\n \"CVE-2021-35608\",\n \"CVE-2021-35610\",\n \"CVE-2021-35612\",\n \"CVE-2021-35622\",\n \"CVE-2021-35623\",\n \"CVE-2021-35624\",\n \"CVE-2021-35625\",\n \"CVE-2021-35626\",\n \"CVE-2021-35627\",\n \"CVE-2021-35628\",\n \"CVE-2021-35630\",\n \"CVE-2021-35631\",\n \"CVE-2021-35632\",\n \"CVE-2021-35633\",\n \"CVE-2021-35634\",\n \"CVE-2021-35635\",\n \"CVE-2021-35636\",\n \"CVE-2021-35637\",\n \"CVE-2021-35638\",\n \"CVE-2021-35639\",\n \"CVE-2021-35640\",\n \"CVE-2021-35641\",\n \"CVE-2021-35642\",\n \"CVE-2021-35643\",\n \"CVE-2021-35644\",\n \"CVE-2021-35645\",\n \"CVE-2021-35646\",\n \"CVE-2021-35647\",\n \"CVE-2021-35648\",\n \"CVE-2022-21245\",\n \"CVE-2022-21249\",\n \"CVE-2022-21253\",\n \"CVE-2022-21254\",\n \"CVE-2022-21256\",\n \"CVE-2022-21264\",\n \"CVE-2022-21265\",\n \"CVE-2022-21270\",\n \"CVE-2022-21278\",\n \"CVE-2022-21297\",\n \"CVE-2022-21301\",\n \"CVE-2022-21302\",\n \"CVE-2022-21303\",\n \"CVE-2022-21304\",\n \"CVE-2022-21339\",\n \"CVE-2022-21342\",\n \"CVE-2022-21344\",\n \"CVE-2022-21348\",\n \"CVE-2022-21351\",\n \"CVE-2022-21352\",\n \"CVE-2022-21358\",\n \"CVE-2022-21362\",\n \"CVE-2022-21367\",\n \"CVE-2022-21368\",\n \"CVE-2022-21370\",\n \"CVE-2022-21372\",\n \"CVE-2022-21374\",\n \"CVE-2022-21378\",\n \"CVE-2022-21379\",\n \"CVE-2022-21412\",\n \"CVE-2022-21413\",\n \"CVE-2022-21414\",\n \"CVE-2022-21415\",\n \"CVE-2022-21417\",\n \"CVE-2022-21418\",\n \"CVE-2022-21423\",\n \"CVE-2022-21425\",\n \"CVE-2022-21427\",\n \"CVE-2022-21435\",\n \"CVE-2022-21436\",\n \"CVE-2022-21437\",\n \"CVE-2022-21438\",\n \"CVE-2022-21440\",\n \"CVE-2022-21444\",\n \"CVE-2022-21451\",\n \"CVE-2022-21452\",\n \"CVE-2022-21454\",\n \"CVE-2022-21455\",\n \"CVE-2022-21457\",\n \"CVE-2022-21459\",\n \"CVE-2022-21460\",\n \"CVE-2022-21462\",\n \"CVE-2022-21478\",\n \"CVE-2022-21479\",\n \"CVE-2022-21509\",\n \"CVE-2022-21515\",\n \"CVE-2022-21517\",\n \"CVE-2022-21522\",\n \"CVE-2022-21525\",\n \"CVE-2022-21526\",\n \"CVE-2022-21527\",\n \"CVE-2022-21528\",\n \"CVE-2022-21529\",\n \"CVE-2022-21530\",\n \"CVE-2022-21531\",\n \"CVE-2022-21534\",\n \"CVE-2022-21537\",\n \"CVE-2022-21538\",\n \"CVE-2022-21539\",\n \"CVE-2022-21547\",\n \"CVE-2022-21553\",\n \"CVE-2022-21556\",\n \"CVE-2022-21569\",\n \"CVE-2022-21592\",\n \"CVE-2022-21595\",\n \"CVE-2022-21600\",\n \"CVE-2022-21605\",\n \"CVE-2022-21607\",\n \"CVE-2022-21635\",\n \"CVE-2022-21638\",\n \"CVE-2022-21641\",\n \"CVE-2023-21866\",\n \"CVE-2023-21872\"\n );\n script_xref(name:\"IAVA\", value:\"2021-A-0487\");\n script_xref(name:\"IAVA\", value:\"2022-A-0030\");\n script_xref(name:\"IAVA\", value:\"2022-A-0291\");\n script_xref(name:\"RHSA\", value:\"2022:7119\");\n script_xref(name:\"IAVA\", value:\"2022-A-0168-S\");\n\n script_name(english:\"RHEL 8 : mysql:8.0 (RHSA-2022:7119)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7119 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Oct 2021) (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591,\n CVE-2021-35607)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2021) (CVE-2021-2481, CVE-2021-35575,\n CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628,\n CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642,\n CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2021) (CVE-2021-35546)\n\n - mysql: Server: Error Handling unspecified vulnerability (CPU Oct 2021) (CVE-2021-35596)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2021) (CVE-2021-35597)\n\n - mysql: Server: Options unspecified vulnerability (CPU Oct 2021) (CVE-2021-35602, CVE-2021-35630)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Oct 2021) (CVE-2021-35608)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2021) (CVE-2021-35622)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Oct 2021) (CVE-2021-35623)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2021) (CVE-2021-35624,\n CVE-2021-35625)\n\n - mysql: Server: GIS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35631)\n\n - mysql: Server: Data Dictionary unspecified vulnerability (CPU Oct 2021) (CVE-2021-35632)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Oct 2021) (CVE-2021-35633)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35637)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2021) (CVE-2021-35639)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2021) (CVE-2021-35640)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35648)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2022) (CVE-2022-21245)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2022) (CVE-2022-21249)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2022) (CVE-2022-21253, CVE-2022-21254,\n CVE-2022-21264, CVE-2022-21265, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342,\n CVE-2022-21351, CVE-2022-21370, CVE-2022-21378)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Jan 2022) (CVE-2022-21256,\n CVE-2022-21379)\n\n - mysql: Server: Federated unspecified vulnerability (CPU Jan 2022) (CVE-2022-21270)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2022) (CVE-2022-21301)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2022) (CVE-2022-21302, CVE-2022-21348, CVE-2022-21352)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jan 2022) (CVE-2022-21303)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2022) (CVE-2022-21304)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jan 2022) (CVE-2022-21344)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2022) (CVE-2022-21358,\n CVE-2022-21372)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2022) (CVE-2022-21362,\n CVE-2022-21374)\n\n - mysql: Server: Compiling unspecified vulnerability (CPU Jan 2022) (CVE-2022-21367)\n\n - mysql: Server: Components Services unspecified vulnerability (CPU Jan 2022) (CVE-2022-21368)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022) (CVE-2022-21412, CVE-2022-21414,\n CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452,\n CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2022) (CVE-2022-21413)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2022) (CVE-2022-21415)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21417, CVE-2022-21418, CVE-2022-21423,\n CVE-2022-21451)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2022) (CVE-2022-21425, CVE-2022-21444)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21454)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022) (CVE-2022-21455)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21457)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2022) (CVE-2022-21460)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022) (CVE-2022-21509, CVE-2022-21525,\n CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531,\n CVE-2022-21553, CVE-2022-21556, CVE-2022-21569)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2022) (CVE-2022-21515)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2022) (CVE-2022-21517, CVE-2022-21537, CVE-2022-21539)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jul 2022) (CVE-2022-21522, CVE-2022-21534)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022) (CVE-2022-21538)\n\n - mysql: Server: Federated unspecified vulnerability (CPU Jul 2022) (CVE-2022-21547)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2022) (CVE-2022-21592)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21600, CVE-2022-21607,\n CVE-2022-21638, CVE-2022-21641)\n\n - mysql: Server: Data Dictionary unspecified vulnerability (CPU Oct 2022) (CVE-2022-21605)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21635)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21866, CVE-2023-21872)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21339\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21352\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21370\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21417\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21531\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21569\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-21866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-21872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016106\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016122\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016124\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016127\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2162273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2162279\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21368\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-21600\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:mysql-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar appstreams = {\n 'mysql:8.0': [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mecab-0.996-2.module+el8.6.0+16523+5cb0e868', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'6', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'sp':'6', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.30-1.module+el8.6.0+16523+5cb0e868', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.30-1.module+el8.6.0+16523+5cb0e868', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.30-1.module+el8.6.0+16523+5cb0e868', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.30-1.module+el8.6.0+16523+5cb0e868', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.30-1.module+el8.6.0+16523+5cb0e868', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.30-1.module+el8.6.0+16523+5cb0e868', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.30-1.module+el8.6.0+16523+5cb0e868', 'sp':'6', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'mecab-0.996-2.module+el8.6.0+16523+5cb0e868', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.0.0+3898+e09bb8de', 'release':'8', 'el_string':'el8.0.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-8.0.30-1.module+el8.6.0+16523+5cb0e868', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-common-8.0.30-1.module+el8.6.0+16523+5cb0e868', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-devel-8.0.30-1.module+el8.6.0+16523+5cb0e868', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-errmsg-8.0.30-1.module+el8.6.0+16523+5cb0e868', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-libs-8.0.30-1.module+el8.6.0+16523+5cb0e868', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-server-8.0.30-1.module+el8.6.0+16523+5cb0e868', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mysql-test-8.0.30-1.module+el8.6.0+16523+5cb0e868', 'release':'8', 'el_string':'el8.6.0', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n ]\n};\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nvar flag = 0;\nvar appstreams_found = 0;\nforeach var module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach var module_array ( appstreams[module] ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var package_array ( module_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp']) && !enterprise_linux_flag) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-ipadic / mecab-ipadic-EUCJP / mysql / mysql-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:47", "description": "The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2022:7119 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Oct 2021) (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2021) (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2021) (CVE-2021-35546)\n\n - mysql: Server: Error Handling unspecified vulnerability (CPU Oct 2021) (CVE-2021-35596)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2021) (CVE-2021-35597)\n\n - mysql: Server: Options unspecified vulnerability (CPU Oct 2021) (CVE-2021-35602, CVE-2021-35630)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Oct 2021) (CVE-2021-35608)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2021) (CVE-2021-35622)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Oct 2021) (CVE-2021-35623)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2021) (CVE-2021-35624, CVE-2021-35625)\n\n - mysql: Server: GIS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35631)\n\n - mysql: Server: Data Dictionary unspecified vulnerability (CPU Oct 2021) (CVE-2021-35632)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Oct 2021) (CVE-2021-35633)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35637)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2021) (CVE-2021-35639)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2021) (CVE-2021-35640)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35648)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2022) (CVE-2022-21245)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2022) (CVE-2022-21249)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2022) (CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21265, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Jan 2022) (CVE-2022-21256, CVE-2022-21379)\n\n - mysql: Server: Federated unspecified vulnerability (CPU Jan 2022) (CVE-2022-21270)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2022) (CVE-2022-21301)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2022) (CVE-2022-21302, CVE-2022-21348, CVE-2022-21352)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jan 2022) (CVE-2022-21303)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2022) (CVE-2022-21304)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jan 2022) (CVE-2022-21344)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2022) (CVE-2022-21358, CVE-2022-21372)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2022) (CVE-2022-21362, CVE-2022-21374)\n\n - mysql: Server: Compiling unspecified vulnerability (CPU Jan 2022) (CVE-2022-21367)\n\n - mysql: Server: Components Services unspecified vulnerability (CPU Jan 2022) (CVE-2022-21368)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022) (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2022) (CVE-2022-21413)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2022) (CVE-2022-21415)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21417, CVE-2022-21418, CVE-2022-21423, CVE-2022-21451)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2022) (CVE-2022-21425, CVE-2022-21444)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21454)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022) (CVE-2022-21455)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21457)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2022) (CVE-2022-21460)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022) (CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21556, CVE-2022-21569)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2022) (CVE-2022-21515)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2022) (CVE-2022-21517, CVE-2022-21537, CVE-2022-21539)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jul 2022) (CVE-2022-21522, CVE-2022-21534)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022) (CVE-2022-21538)\n\n - mysql: Server: Federated unspecified vulnerability (CPU Jul 2022) (CVE-2022-21547)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2022) (CVE-2022-21592)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21600, CVE-2022-21607, CVE-2022-21638, CVE-2022-21641)\n\n - mysql: Server: Data Dictionary unspecified vulnerability (CPU Oct 2022) (CVE-2022-21605)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21635)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21866, CVE-2023-21872)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-25T00:00:00", "type": "nessus", "title": "CentOS 8 : mysql:8.0 (CESA-2022:7119)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2478", "CVE-2021-2479", "CVE-2021-2481", "CVE-2021-35546", "CVE-2021-35575", "CVE-2021-35577", "CVE-2021-35591", "CVE-2021-35596", "CVE-2021-35597", "CVE-2021-35602", "CVE-2021-35604", "CVE-2021-35607", "CVE-2021-35608", "CVE-2021-35610", "CVE-2021-35612", "CVE-2021-35622", "CVE-2021-35623", "CVE-2021-35624", "CVE-2021-35625", "CVE-2021-35626", "CVE-2021-35627", "CVE-2021-35628", "CVE-2021-35630", "CVE-2021-35631", "CVE-2021-35632", "CVE-2021-35633", "CVE-2021-35634", "CVE-2021-35635", "CVE-2021-35636", "CVE-2021-35637", "CVE-2021-35638", "CVE-2021-35639", "CVE-2021-35640", "CVE-2021-35641", "CVE-2021-35642", "CVE-2021-35643", "CVE-2021-35644", "CVE-2021-35645", "CVE-2021-35646", "CVE-2021-35647", "CVE-2021-35648", "CVE-2022-21245", "CVE-2022-21249", "CVE-2022-21253", "CVE-2022-21254", "CVE-2022-21256", "CVE-2022-21264", "CVE-2022-21265", "CVE-2022-21270", "CVE-2022-21278", "CVE-2022-21297", "CVE-2022-21301", "CVE-2022-21302", "CVE-2022-21303", "CVE-2022-21304", "CVE-2022-21339", "CVE-2022-21342", "CVE-2022-21344", "CVE-2022-21348", "CVE-2022-21351", "CVE-2022-21352", "CVE-2022-21358", "CVE-2022-21362", "CVE-2022-21367", "CVE-2022-21368", "CVE-2022-21370", "CVE-2022-21372", "CVE-2022-21374", "CVE-2022-21378", "CVE-2022-21379", "CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21455", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21556", "CVE-2022-21569", "CVE-2022-21592", "CVE-2022-21595", "CVE-2022-21600", "CVE-2022-21605", "CVE-2022-21607", "CVE-2022-21635", "CVE-2022-21638", "CVE-2022-21641", "CVE-2023-21866", "CVE-2023-21872"], "modified": "2023-02-08T00:00:00", "cpe": ["cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:mecab-ipadic", "p-cpe:/a:centos:centos:mecab-ipadic-eucjp"], "id": "CENTOS8_RHSA-2022-7119.NASL", "href": "https://www.tenable.com/plugins/nessus/166460", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2022:7119. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166460);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\n \"CVE-2021-2478\",\n \"CVE-2021-2479\",\n \"CVE-2021-2481\",\n \"CVE-2021-35546\",\n \"CVE-2021-35575\",\n \"CVE-2021-35577\",\n \"CVE-2021-35591\",\n \"CVE-2021-35596\",\n \"CVE-2021-35597\",\n \"CVE-2021-35602\",\n \"CVE-2021-35604\",\n \"CVE-2021-35607\",\n \"CVE-2021-35608\",\n \"CVE-2021-35610\",\n \"CVE-2021-35612\",\n \"CVE-2021-35622\",\n \"CVE-2021-35623\",\n \"CVE-2021-35624\",\n \"CVE-2021-35625\",\n \"CVE-2021-35626\",\n \"CVE-2021-35627\",\n \"CVE-2021-35628\",\n \"CVE-2021-35630\",\n \"CVE-2021-35631\",\n \"CVE-2021-35632\",\n \"CVE-2021-35633\",\n \"CVE-2021-35634\",\n \"CVE-2021-35635\",\n \"CVE-2021-35636\",\n \"CVE-2021-35637\",\n \"CVE-2021-35638\",\n \"CVE-2021-35639\",\n \"CVE-2021-35640\",\n \"CVE-2021-35641\",\n \"CVE-2021-35642\",\n \"CVE-2021-35643\",\n \"CVE-2021-35644\",\n \"CVE-2021-35645\",\n \"CVE-2021-35646\",\n \"CVE-2021-35647\",\n \"CVE-2021-35648\",\n \"CVE-2022-21245\",\n \"CVE-2022-21249\",\n \"CVE-2022-21253\",\n \"CVE-2022-21254\",\n \"CVE-2022-21256\",\n \"CVE-2022-21264\",\n \"CVE-2022-21265\",\n \"CVE-2022-21270\",\n \"CVE-2022-21278\",\n \"CVE-2022-21297\",\n \"CVE-2022-21301\",\n \"CVE-2022-21302\",\n \"CVE-2022-21303\",\n \"CVE-2022-21304\",\n \"CVE-2022-21339\",\n \"CVE-2022-21342\",\n \"CVE-2022-21344\",\n \"CVE-2022-21348\",\n \"CVE-2022-21351\",\n \"CVE-2022-21352\",\n \"CVE-2022-21358\",\n \"CVE-2022-21362\",\n \"CVE-2022-21367\",\n \"CVE-2022-21368\",\n \"CVE-2022-21370\",\n \"CVE-2022-21372\",\n \"CVE-2022-21374\",\n \"CVE-2022-21378\",\n \"CVE-2022-21379\",\n \"CVE-2022-21412\",\n \"CVE-2022-21413\",\n \"CVE-2022-21414\",\n \"CVE-2022-21415\",\n \"CVE-2022-21417\",\n \"CVE-2022-21418\",\n \"CVE-2022-21423\",\n \"CVE-2022-21425\",\n \"CVE-2022-21427\",\n \"CVE-2022-21435\",\n \"CVE-2022-21436\",\n \"CVE-2022-21437\",\n \"CVE-2022-21438\",\n \"CVE-2022-21440\",\n \"CVE-2022-21444\",\n \"CVE-2022-21451\",\n \"CVE-2022-21452\",\n \"CVE-2022-21454\",\n \"CVE-2022-21455\",\n \"CVE-2022-21457\",\n \"CVE-2022-21459\",\n \"CVE-2022-21460\",\n \"CVE-2022-21462\",\n \"CVE-2022-21478\",\n \"CVE-2022-21479\",\n \"CVE-2022-21509\",\n \"CVE-2022-21515\",\n \"CVE-2022-21517\",\n \"CVE-2022-21522\",\n \"CVE-2022-21525\",\n \"CVE-2022-21526\",\n \"CVE-2022-21527\",\n \"CVE-2022-21528\",\n \"CVE-2022-21529\",\n \"CVE-2022-21530\",\n \"CVE-2022-21531\",\n \"CVE-2022-21534\",\n \"CVE-2022-21537\",\n \"CVE-2022-21538\",\n \"CVE-2022-21539\",\n \"CVE-2022-21547\",\n \"CVE-2022-21553\",\n \"CVE-2022-21556\",\n \"CVE-2022-21569\",\n \"CVE-2022-21592\",\n \"CVE-2022-21595\",\n \"CVE-2022-21600\",\n \"CVE-2022-21605\",\n \"CVE-2022-21607\",\n \"CVE-2022-21635\",\n \"CVE-2022-21638\",\n \"CVE-2022-21641\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7119\");\n\n script_name(english:\"CentOS 8 : mysql:8.0 (CESA-2022:7119)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nCESA-2022:7119 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Oct 2021) (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591,\n CVE-2021-35607)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2021) (CVE-2021-2481, CVE-2021-35575,\n CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628,\n CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642,\n CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2021) (CVE-2021-35546)\n\n - mysql: Server: Error Handling unspecified vulnerability (CPU Oct 2021) (CVE-2021-35596)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2021) (CVE-2021-35597)\n\n - mysql: Server: Options unspecified vulnerability (CPU Oct 2021) (CVE-2021-35602, CVE-2021-35630)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Oct 2021) (CVE-2021-35608)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2021) (CVE-2021-35622)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Oct 2021) (CVE-2021-35623)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2021) (CVE-2021-35624,\n CVE-2021-35625)\n\n - mysql: Server: GIS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35631)\n\n - mysql: Server: Data Dictionary unspecified vulnerability (CPU Oct 2021) (CVE-2021-35632)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Oct 2021) (CVE-2021-35633)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35637)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2021) (CVE-2021-35639)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2021) (CVE-2021-35640)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35648)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2022) (CVE-2022-21245)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2022) (CVE-2022-21249)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2022) (CVE-2022-21253, CVE-2022-21254,\n CVE-2022-21264, CVE-2022-21265, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342,\n CVE-2022-21351, CVE-2022-21370, CVE-2022-21378)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Jan 2022) (CVE-2022-21256,\n CVE-2022-21379)\n\n - mysql: Server: Federated unspecified vulnerability (CPU Jan 2022) (CVE-2022-21270)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2022) (CVE-2022-21301)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2022) (CVE-2022-21302, CVE-2022-21348, CVE-2022-21352)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jan 2022) (CVE-2022-21303)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2022) (CVE-2022-21304)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jan 2022) (CVE-2022-21344)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2022) (CVE-2022-21358,\n CVE-2022-21372)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2022) (CVE-2022-21362,\n CVE-2022-21374)\n\n - mysql: Server: Compiling unspecified vulnerability (CPU Jan 2022) (CVE-2022-21367)\n\n - mysql: Server: Components Services unspecified vulnerability (CPU Jan 2022) (CVE-2022-21368)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022) (CVE-2022-21412, CVE-2022-21414,\n CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452,\n CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2022) (CVE-2022-21413)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2022) (CVE-2022-21415)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21417, CVE-2022-21418, CVE-2022-21423,\n CVE-2022-21451)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2022) (CVE-2022-21425, CVE-2022-21444)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21454)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022) (CVE-2022-21455)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21457)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2022) (CVE-2022-21460)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022) (CVE-2022-21509, CVE-2022-21525,\n CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531,\n CVE-2022-21553, CVE-2022-21556, CVE-2022-21569)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2022) (CVE-2022-21515)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2022) (CVE-2022-21517, CVE-2022-21537, CVE-2022-21539)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jul 2022) (CVE-2022-21522, CVE-2022-21534)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022) (CVE-2022-21538)\n\n - mysql: Server: Federated unspecified vulnerability (CPU Jul 2022) (CVE-2022-21547)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2022) (CVE-2022-21592)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21600, CVE-2022-21607,\n CVE-2022-21638, CVE-2022-21641)\n\n - mysql: Server: Data Dictionary unspecified vulnerability (CPU Oct 2022) (CVE-2022-21605)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21635)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21866, CVE-2023-21872)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7119\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected mecab-ipadic and / or mecab-ipadic-EUCJP packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21368\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-21600\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mecab-ipadic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:mecab-ipadic-EUCJP\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/CentOS/release');\nif (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< os_release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar module_ver = get_kb_item('Host/RedHat/appstream/mysql');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\nif ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);\n\nvar appstreams = {\n 'mysql:8.0': [\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module_el8.0.0+41+ca30bab6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-2.7.0.20070801-16.module_el8.0.0+41+ca30bab6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module_el8.0.0+41+ca30bab6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module_el8.0.0+41+ca30bab6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n};\n\nvar flag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n var appstream = NULL;\n var appstream_name = NULL;\n var appstream_version = NULL;\n var appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab-ipadic / mecab-ipadic-EUCJP');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T20:31:35", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6518 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Oct 2021) (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2021) (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2021) (CVE-2021-35546)\n\n - mysql: Server: Error Handling unspecified vulnerability (CPU Oct 2021) (CVE-2021-35596)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2021) (CVE-2021-35597)\n\n - mysql: Server: Options unspecified vulnerability (CPU Oct 2021) (CVE-2021-35602, CVE-2021-35630)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Oct 2021) (CVE-2021-35608)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2021) (CVE-2021-35622)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Oct 2021) (CVE-2021-35623)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2021) (CVE-2021-35624, CVE-2021-35625)\n\n - mysql: Server: GIS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35631)\n\n - mysql: Server: Data Dictionary unspecified vulnerability (CPU Oct 2021) (CVE-2021-35632)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Oct 2021) (CVE-2021-35633)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35637)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2021) (CVE-2021-35639)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2021) (CVE-2021-35640)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35648)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2022) (CVE-2022-21245)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2022) (CVE-2022-21249)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2022) (CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21265, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Jan 2022) (CVE-2022-21256, CVE-2022-21379)\n\n - mysql: Server: Federated unspecified vulnerability (CPU Jan 2022) (CVE-2022-21270)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2022) (CVE-2022-21301)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2022) (CVE-2022-21302, CVE-2022-21348, CVE-2022-21352)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jan 2022) (CVE-2022-21303)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2022) (CVE-2022-21304)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jan 2022) (CVE-2022-21344)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2022) (CVE-2022-21358, CVE-2022-21372)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2022) (CVE-2022-21362, CVE-2022-21374)\n\n - mysql: Server: Compiling unspecified vulnerability (CPU Jan 2022) (CVE-2022-21367)\n\n - mysql: Server: Components Services unspecified vulnerability (CPU Jan 2022) (CVE-2022-21368)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022) (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2022) (CVE-2022-21413)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2022) (CVE-2022-21415)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21417, CVE-2022-21418, CVE-2022-21423, CVE-2022-21451)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2022) (CVE-2022-21425, CVE-2022-21444)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21454)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022) (CVE-2022-21455)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21457)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2022) (CVE-2022-21460)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022) (CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21556, CVE-2022-21569)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2022) (CVE-2022-21515)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2022) (CVE-2022-21517, CVE-2022-21537, CVE-2022-21539)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jul 2022) (CVE-2022-21522, CVE-2022-21534)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022) (CVE-2022-21538)\n\n - mysql: Server: Federated unspecified vulnerability (CPU Jul 2022) (CVE-2022-21547)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2022) (CVE-2022-21592)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21600, CVE-2022-21607, CVE-2022-21638, CVE-2022-21641)\n\n - mysql: Server: Data Dictionary unspecified vulnerability (CPU Oct 2022) (CVE-2022-21605)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21635)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21866, CVE-2023-21872)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-14T00:00:00", "type": "nessus", "title": "RHEL 7 : rh-mysql80-mysql (RHSA-2022:6518)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-2478", "CVE-2021-2479", "CVE-2021-2481", "CVE-2021-35546", "CVE-2021-35575", "CVE-2021-35577", "CVE-2021-35591", "CVE-2021-35596", "CVE-2021-35597", "CVE-2021-35602", "CVE-2021-35604", "CVE-2021-35607", "CVE-2021-35608", "CVE-2021-35610", "CVE-2021-35612", "CVE-2021-35622", "CVE-2021-35623", "CVE-2021-35624", "CVE-2021-35625", "CVE-2021-35626", "CVE-2021-35627", "CVE-2021-35628", "CVE-2021-35630", "CVE-2021-35631", "CVE-2021-35632", "CVE-2021-35633", "CVE-2021-35634", "CVE-2021-35635", "CVE-2021-35636", "CVE-2021-35637", "CVE-2021-35638", "CVE-2021-35639", "CVE-2021-35640", "CVE-2021-35641", "CVE-2021-35642", "CVE-2021-35643", "CVE-2021-35644", "CVE-2021-35645", "CVE-2021-35646", "CVE-2021-35647", "CVE-2021-35648", "CVE-2022-21245", "CVE-2022-21249", "CVE-2022-21253", "CVE-2022-21254", "CVE-2022-21256", "CVE-2022-21264", "CVE-2022-21265", "CVE-2022-21270", "CVE-2022-21278", "CVE-2022-21297", "CVE-2022-21301", "CVE-2022-21302", "CVE-2022-21303", "CVE-2022-21304", "CVE-2022-21339", "CVE-2022-21342", "CVE-2022-21344", "CVE-2022-21348", "CVE-2022-21351", "CVE-2022-21352", "CVE-2022-21358", "CVE-2022-21362", "CVE-2022-21367", "CVE-2022-21368", "CVE-2022-21370", "CVE-2022-21372", "CVE-2022-21374", "CVE-2022-21378", "CVE-2022-21379", "CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21455", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21556", "CVE-2022-21569", "CVE-2022-21592", "CVE-2022-21595", "CVE-2022-21600", "CVE-2022-21605", "CVE-2022-21607", "CVE-2022-21635", "CVE-2022-21638", "CVE-2022-21641", "CVE-2023-21866", "CVE-2023-21872"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-common", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-devel", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-errmsg", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-icu-data-files", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-syspaths", "p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-test"], "id": "REDHAT-RHSA-2022-6518.NASL", "href": "https://www.tenable.com/plugins/nessus/165092", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6518. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165092);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2021-2478\",\n \"CVE-2021-2479\",\n \"CVE-2021-2481\",\n \"CVE-2021-35546\",\n \"CVE-2021-35575\",\n \"CVE-2021-35577\",\n \"CVE-2021-35591\",\n \"CVE-2021-35596\",\n \"CVE-2021-35597\",\n \"CVE-2021-35602\",\n \"CVE-2021-35604\",\n \"CVE-2021-35607\",\n \"CVE-2021-35608\",\n \"CVE-2021-35610\",\n \"CVE-2021-35612\",\n \"CVE-2021-35622\",\n \"CVE-2021-35623\",\n \"CVE-2021-35624\",\n \"CVE-2021-35625\",\n \"CVE-2021-35626\",\n \"CVE-2021-35627\",\n \"CVE-2021-35628\",\n \"CVE-2021-35630\",\n \"CVE-2021-35631\",\n \"CVE-2021-35632\",\n \"CVE-2021-35633\",\n \"CVE-2021-35634\",\n \"CVE-2021-35635\",\n \"CVE-2021-35636\",\n \"CVE-2021-35637\",\n \"CVE-2021-35638\",\n \"CVE-2021-35639\",\n \"CVE-2021-35640\",\n \"CVE-2021-35641\",\n \"CVE-2021-35642\",\n \"CVE-2021-35643\",\n \"CVE-2021-35644\",\n \"CVE-2021-35645\",\n \"CVE-2021-35646\",\n \"CVE-2021-35647\",\n \"CVE-2021-35648\",\n \"CVE-2022-21245\",\n \"CVE-2022-21249\",\n \"CVE-2022-21253\",\n \"CVE-2022-21254\",\n \"CVE-2022-21256\",\n \"CVE-2022-21264\",\n \"CVE-2022-21265\",\n \"CVE-2022-21270\",\n \"CVE-2022-21278\",\n \"CVE-2022-21297\",\n \"CVE-2022-21301\",\n \"CVE-2022-21302\",\n \"CVE-2022-21303\",\n \"CVE-2022-21304\",\n \"CVE-2022-21339\",\n \"CVE-2022-21342\",\n \"CVE-2022-21344\",\n \"CVE-2022-21348\",\n \"CVE-2022-21351\",\n \"CVE-2022-21352\",\n \"CVE-2022-21358\",\n \"CVE-2022-21362\",\n \"CVE-2022-21367\",\n \"CVE-2022-21368\",\n \"CVE-2022-21370\",\n \"CVE-2022-21372\",\n \"CVE-2022-21374\",\n \"CVE-2022-21378\",\n \"CVE-2022-21379\",\n \"CVE-2022-21412\",\n \"CVE-2022-21413\",\n \"CVE-2022-21414\",\n \"CVE-2022-21415\",\n \"CVE-2022-21417\",\n \"CVE-2022-21418\",\n \"CVE-2022-21423\",\n \"CVE-2022-21425\",\n \"CVE-2022-21427\",\n \"CVE-2022-21435\",\n \"CVE-2022-21436\",\n \"CVE-2022-21437\",\n \"CVE-2022-21438\",\n \"CVE-2022-21440\",\n \"CVE-2022-21444\",\n \"CVE-2022-21451\",\n \"CVE-2022-21452\",\n \"CVE-2022-21454\",\n \"CVE-2022-21455\",\n \"CVE-2022-21457\",\n \"CVE-2022-21459\",\n \"CVE-2022-21460\",\n \"CVE-2022-21462\",\n \"CVE-2022-21478\",\n \"CVE-2022-21479\",\n \"CVE-2022-21509\",\n \"CVE-2022-21515\",\n \"CVE-2022-21517\",\n \"CVE-2022-21522\",\n \"CVE-2022-21525\",\n \"CVE-2022-21526\",\n \"CVE-2022-21527\",\n \"CVE-2022-21528\",\n \"CVE-2022-21529\",\n \"CVE-2022-21530\",\n \"CVE-2022-21531\",\n \"CVE-2022-21534\",\n \"CVE-2022-21537\",\n \"CVE-2022-21538\",\n \"CVE-2022-21539\",\n \"CVE-2022-21547\",\n \"CVE-2022-21553\",\n \"CVE-2022-21556\",\n \"CVE-2022-21569\"\n );\n script_xref(name:\"RHSA\", value:\"2022:6518\");\n\n script_name(english:\"RHEL 7 : rh-mysql80-mysql (RHSA-2022:6518)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:6518 advisory.\n\n - mysql: Server: DML unspecified vulnerability (CPU Oct 2021) (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591,\n CVE-2021-35607)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2021) (CVE-2021-2481, CVE-2021-35575,\n CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628,\n CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642,\n CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Oct 2021) (CVE-2021-35546)\n\n - mysql: Server: Error Handling unspecified vulnerability (CPU Oct 2021) (CVE-2021-35596)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2021) (CVE-2021-35597)\n\n - mysql: Server: Options unspecified vulnerability (CPU Oct 2021) (CVE-2021-35602, CVE-2021-35630)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Oct 2021) (CVE-2021-35608)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2021) (CVE-2021-35622)\n\n - mysql: Server: Security: Roles unspecified vulnerability (CPU Oct 2021) (CVE-2021-35623)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Oct 2021) (CVE-2021-35624,\n CVE-2021-35625)\n\n - mysql: Server: GIS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35631)\n\n - mysql: Server: Data Dictionary unspecified vulnerability (CPU Oct 2021) (CVE-2021-35632)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Oct 2021) (CVE-2021-35633)\n\n - mysql: Server: PS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35637)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Oct 2021) (CVE-2021-35639)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Oct 2021) (CVE-2021-35640)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Oct 2021) (CVE-2021-35648)\n\n - mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2022) (CVE-2022-21245)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Jan 2022) (CVE-2022-21249)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2022) (CVE-2022-21253, CVE-2022-21254,\n CVE-2022-21264, CVE-2022-21265, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342,\n CVE-2022-21351, CVE-2022-21370, CVE-2022-21378)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Jan 2022) (CVE-2022-21256,\n CVE-2022-21379)\n\n - mysql: Server: Federated unspecified vulnerability (CPU Jan 2022) (CVE-2022-21270)\n\n - mysql: Server: DML unspecified vulnerability (CPU Jan 2022) (CVE-2022-21301)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jan 2022) (CVE-2022-21302, CVE-2022-21348, CVE-2022-21352)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jan 2022) (CVE-2022-21303)\n\n - mysql: Server: Parser unspecified vulnerability (CPU Jan 2022) (CVE-2022-21304)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Jan 2022) (CVE-2022-21344)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2022) (CVE-2022-21358,\n CVE-2022-21372)\n\n - mysql: Server: Information Schema unspecified vulnerability (CPU Jan 2022) (CVE-2022-21362,\n CVE-2022-21374)\n\n - mysql: Server: Compiling unspecified vulnerability (CPU Jan 2022) (CVE-2022-21367)\n\n - mysql: Server: Components Services unspecified vulnerability (CPU Jan 2022) (CVE-2022-21368)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2022) (CVE-2022-21412, CVE-2022-21414,\n CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452,\n CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479)\n\n - mysql: Server: DML unspecified vulnerability (CPU Apr 2022) (CVE-2022-21413)\n\n - mysql: Server: Replication unspecified vulnerability (CPU Apr 2022) (CVE-2022-21415)\n\n - mysql: InnoDB unspecified vulnerability (CPU Apr 2022) (CVE-2022-21417, CVE-2022-21418, CVE-2022-21423,\n CVE-2022-21451)\n\n - mysql: Server: DDL unspecified vulnerability (CPU Apr 2022) (CVE-2022-21425, CVE-2022-21444)\n\n - mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)\n\n - mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21454)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022) (CVE-2022-21455)\n\n - mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21457)\n\n - mysql: Server: Logging unspecified vulnerability (CPU Apr 2022) (CVE-2022-21460)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2022) (CVE-2022-21509, CVE-2022-21525,\n CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531,\n CVE-2022-21553, CVE-2022-21556, CVE-2022-21569)\n\n - mysql: Server: Options unspecified vulnerability (CPU Jul 2022) (CVE-2022-21515)\n\n - mysql: InnoDB unspecified vulnerability (CPU Jul 2022) (CVE-2022-21517, CVE-2022-21537, CVE-2022-21539)\n\n - mysql: Server: Stored Procedure unspecified vulnerability (CPU Jul 2022) (CVE-2022-21522, CVE-2022-21534)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022) (CVE-2022-21538)\n\n - mysql: Server: Federated unspecified vulnerability (CPU Jul 2022) (CVE-2022-21547)\n\n - mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2022) (CVE-2022-21592)\n\n - mysql: C API unspecified vulnerability (CPU Oct 2022) (CVE-2022-21595)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2022) (CVE-2022-21600, CVE-2022-21607,\n CVE-2022-21638, CVE-2022-21641)\n\n - mysql: Server: Data Dictionary unspecified vulnerability (CPU Oct 2022) (CVE-2022-21605)\n\n - mysql: InnoDB unspecified vulnerability (CPU Oct 2022) (CVE-2022-21635)\n\n - mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2023) (CVE-2023-21866, CVE-2023-21872)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-2481\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35546\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35575\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35577\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35591\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35596\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35597\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35612\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-35648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21245\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21249\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21253\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21256\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21264\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21265\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21270\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21302\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21303\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21339\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21342\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21348\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21351\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21352\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21358\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21362\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21367\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21370\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21372\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21374\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21378\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21379\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21412\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21413\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21414\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21415\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21417\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21418\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21423\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21435\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21436\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21437\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21438\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21440\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21451\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21452\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21454\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21455\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21457\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21459\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21460\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21462\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21478\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21509\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21515\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21517\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21522\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21525\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21526\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21527\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21528\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21529\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21530\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21531\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21534\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21537\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21538\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21539\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21547\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21553\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21556\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21569\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21592\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21595\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21600\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-21866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2023-21872\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:6518\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016090\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016093\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016094\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016095\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016097\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016098\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016099\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016100\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016101\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016104\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016106\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016107\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016108\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016109\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016111\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016112\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016113\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016114\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016117\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016118\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016119\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016120\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016122\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016124\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016126\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016127\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016128\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016129\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016130\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016131\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016132\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016133\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016135\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2016138\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043620\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043621\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043622\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043623\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043624\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043625\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043626\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043627\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043628\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043629\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043630\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043633\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2043648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082636\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082638\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082641\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082642\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082643\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082644\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082645\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082647\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082648\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082649\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082651\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082652\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082653\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082654\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082656\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082657\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2082659\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115283\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115285\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115286\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115287\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115288\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115289\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115292\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115293\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115294\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115295\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115296\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115298\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115299\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115300\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115301\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142860\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142862\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142864\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142866\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142867\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142876\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2142878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2162273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2162279\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-21368\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-21351\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-errmsg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-icu-data-files\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-syspaths\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-test\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/os',\n 'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'rh-mysql80-mysql-8.0.30-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-8.0.30-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-8.0.30-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-common-8.0.30-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-common-8.0.30-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-common-8.0.30-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-config-8.0.30-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-config-8.0.30-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-config-8.0.30-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-config-syspaths-8.0.30-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-config-syspaths-8.0.30-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-config-syspaths-8.0.30-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-devel-8.0.30-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-devel-8.0.30-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-devel-8.0.30-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-errmsg-8.0.30-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-errmsg-8.0.30-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-errmsg-8.0.30-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-icu-data-files-8.0.30-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-icu-data-files-8.0.30-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-icu-data-files-8.0.30-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-server-8.0.30-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-server-8.0.30-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-server-8.0.30-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-server-syspaths-8.0.30-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-server-syspaths-8.0.30-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-server-syspaths-8.0.30-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-syspaths-8.0.30-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-syspaths-8.0.30-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-syspaths-8.0.30-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-test-8.0.30-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-test-8.0.30-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rh-mysql80-mysql-test-8.0.30-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-mysql80-mysql / rh-mysql80-mysql-common / rh-mysql80-mysql-config / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntu": [{"lastseen": "2023-06-14T15:19:46", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n\n## Packages\n\n * mysql-5.7 \\- MySQL database\n\nUSN-5400-1 fixed several vulnerabilities in MySQL. This update provides \nthe corresponding update for Ubuntu 16.04 ESM.\n\nOriginal advisory details:\n\nMultiple security issues were discovered in MySQL and this update includes \nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated in Ubuntu 16.04 ESM to MySQL 5.7.38.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information:\n\n<https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-38.html> \n<https://www.oracle.com/security-alerts/cpuapr2022.html>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-04T00:00:00", "type": "ubuntu", "title": "MySQL vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21417", "CVE-2022-21427", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21454", "CVE-2022-21460"], "modified": "2022-05-04T00:00:00", "id": "USN-5400-2", "href": "https://ubuntu.com/security/notices/USN-5400-2", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2023-08-04T22:55:20", "description": "## Releases\n\n * Ubuntu 22.04 LTS\n * Ubuntu 21.10 \n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 ESM\n\n## Packages\n\n * mysql-5.7 \\- MySQL database\n * mysql-8.0 \\- MySQL database\n\nMultiple security issues were discovered in MySQL and this update includes \nnew upstream MySQL versions to fix these issues.\n\nMySQL has been updated to 8.0.29 in Ubuntu 20.04 LTS, Ubuntu 21.10, and \nUbuntu 22.04 LTS. Ubuntu 18.04 LTS has been updated to MySQL 5.7.38.\n\nIn addition to security fixes, the updated packages contain bug fixes, new \nfeatures, and possibly incompatible changes.\n\nPlease see the following for more information:\n\n<https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-38.html> \n<https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-29.html> \n<https://www.oracle.com/security-alerts/cpuapr2022.html>\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-03T00:00:00", "type": "ubuntu", "title": "MySQL vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478"], "modified": "2022-05-03T00:00:00", "id": "USN-5400-1", "href": "https://ubuntu.com/security/notices/USN-5400-1", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "photon": [{"lastseen": "2023-09-26T11:21:13", "description": "Updates of ['mysql'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-06T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-0471", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21417", "CVE-2022-21427", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21454", "CVE-2022-21460"], "modified": "2022-05-06T00:00:00", "id": "PHSA-2022-0471", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-471", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-05-24T00:57:33", "description": "Updates of ['mysql'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-20T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-0187", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21412", "CVE-2022-21417", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21451", "CVE-2022-21454", "CVE-2022-21460", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21482", "CVE-2022-21483"], "modified": "2022-05-20T00:00:00", "id": "PHSA-2022-0187", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-187", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2023-06-14T14:58:17", "description": "Updates of ['mysql'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-20T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-4.0-0187", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21412", "CVE-2022-21417", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21451", "CVE-2022-21454", "CVE-2022-21460", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21482", "CVE-2022-21483", "CVE-2022-21489"], "modified": "2022-05-20T00:00:00", "id": "PHSA-2022-4.0-0187", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-187", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2022-08-12T00:16:19", "description": "Updates of ['vim', 'mysql', 'nxtgn-openssl'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-07T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0415", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2097", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-21412", "CVE-2022-21417", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21454", "CVE-2022-21460", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21482", "CVE-2022-21483", "CVE-2022-21489", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183"], "modified": "2022-07-07T00:00:00", "id": "PHSA-2022-0415", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-415", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-26T09:07:13", "description": "Updates of ['nxtgn-openssl', 'mysql', 'vim'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-07-07T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-3.0-0415", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22570", "CVE-2022-2097", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-21412", "CVE-2022-21417", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21454", "CVE-2022-21460", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21482", "CVE-2022-21483", "CVE-2022-21489", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183"], "modified": "2022-07-07T00:00:00", "id": "PHSA-2022-3.0-0415", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-415", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2023-08-16T15:27:36", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (10.3.32), galera (25.3.34). (BZ#2050543)\n\nSecurity Fix(es):\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n* mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n* mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n* mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n* mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n* mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n* mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command (BZ#1981332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050514)\n\n* MariaDB logrotate leads to \"gzip: stdin: file size changed while zipping\" (BZ#2050532)\n\n* Crash: WSREP: invalid state ROLLED_BACK (FATAL) (BZ#2050533)\n\n* Galera doesn't work without 'procps-ng' package MariaDB-10.3 (BZ#2050550)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-26T13:50:43", "type": "redhat", "title": "(RHSA-2022:1556) Moderate: mariadb:10.3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46662", "CVE-2021-46666", "CVE-2021-46667", "CVE-2022-21451", "CVE-2022-27385", "CVE-2022-31621", "CVE-2022-31624"], "modified": "2022-06-07T09:11:19", "id": "RHSA-2022:1556", "href": "https://access.redhat.com/errata/RHSA-2022:1556", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version: rh-mariadb105-mariadb (10.5.13), rh-mariadb105-galera (26.4.9). (BZ#2050547)\n\nSecurity Fix(es):\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n* mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n* mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n* mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n* mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n* mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command (BZ#1981332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* rh-mariadb105: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050517)\n\n* Galera doesn't work without 'procps-ng' package [rhscl-3] (BZ#2050548)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-22T10:04:54", "type": "redhat", "title": "(RHSA-2022:1007) Moderate: rh-mariadb105-mariadb security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46662", "CVE-2021-46666", "CVE-2021-46667", "CVE-2022-21451", "CVE-2022-27385", "CVE-2022-31621", "CVE-2022-31624"], "modified": "2022-06-07T09:15:56", "id": "RHSA-2022:1007", "href": "https://access.redhat.com/errata/RHSA-2022:1007", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL.\n\nThe following packages have been upgraded to a later upstream version: rh-mariadb103-mariadb (10.3.32), rh-mariadb103-galera (25.3.34). (BZ#2050544)\n\nSecurity Fix(es):\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n* mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n* mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n* mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n* mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n* mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command (BZ#1981332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* rh-mariadb103: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050516)\n\n* mysqld got signal 6, \"WSREP: invalid state ROLLED_BACK (FATAL)\" (BZ#2050520)\n\n* MariaDB logrotate leads to \"gzip: stdin: file size changed while zipping\" (BZ#2050538)\n\n* Galera doesn't work without 'procps-ng' package [rhscl-3] (BZ#2050549)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-22T12:12:53", "type": "redhat", "title": "(RHSA-2022:1010) Moderate: rh-mariadb103-mariadb security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46662", "CVE-2021-46666", "CVE-2021-46667", "CVE-2022-21451", "CVE-2022-27385", "CVE-2022-31621", "CVE-2022-31624"], "modified": "2022-06-07T09:15:57", "id": "RHSA-2022:1010", "href": "https://access.redhat.com/errata/RHSA-2022:1010", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (10.5.13), galera (26.4.9). (BZ#2050546)\n\nSecurity Fix(es):\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n* mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n* mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n* mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n* mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n* mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n* mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command (BZ#1981332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* mariadb-10.5-module: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050515)\n\n* mariadb-server:10.5 in centos8 stream is not shipping wsrep_sst_rsync_tunnel (BZ#2050524)\n\n* Galera doesn't work without 'procps-ng' package MariaDB-10.5 (BZ#2050542)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-26T13:50:46", "type": "redhat", "title": "(RHSA-2022:1557) Moderate: mariadb:10.5 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46662", "CVE-2021-46666", "CVE-2021-46667", "CVE-2022-21451", "CVE-2022-27385", "CVE-2022-31621", "CVE-2022-31624"], "modified": "2022-06-07T09:15:55", "id": "RHSA-2022:1557", "href": "https://access.redhat.com/errata/RHSA-2022:1557", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-06-03T18:21:14", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.30). (BZ#2122589)\n\nSecurity Fix(es):\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2022) (CVE-2022-21413)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2022) (CVE-2022-21415)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21423)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21425, CVE-2022-21444)\n\n* mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21454)\n\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022) (CVE-2022-21455)\n\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21457)\n\n* mysql: Server: Logging unspecified vulnerability (CPU Apr 2022) (CVE-2022-21460)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21556, CVE-2022-21569)\n\n* mysql: Server: Options unspecified vulnerability (CPU Jul 2022) (CVE-2022-21515)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21517, CVE-2022-21537, CVE-2022-21539)\n\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21522, CVE-2022-21534)\n\n* mysql: Server: Federated unspecified vulnerability (CPU Jul 2022) (CVE-2022-21547)\n\n* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022) (CVE-2022-21538)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Default logrotate set to wrong log file (BZ#2122592)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-20T11:37:11", "type": "redhat", "title": "(RHSA-2022:6590) Moderate: mysql security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21455", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21556", "CVE-2022-21569", "CVE-2022-21592", "CVE-2022-21605", "CVE-2022-21607", "CVE-2022-21635", "CVE-2022-21638", "CVE-2022-21641", "CVE-2023-21866", "CVE-2023-21872"], "modified": "2023-01-19T13:51:51", "id": "RHSA-2022:6590", "href": "https://access.redhat.com/errata/RHSA-2022:6590", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2023-06-03T18:21:14", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs. \n\nThe following packages have been upgraded to a later upstream version: rh-mysql80-mysql (8.0.30). (BZ#2076939)\n\nSecurity Fix(es):\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378, CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21556, CVE-2022-21569, CVE-2022-21265)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2021-35546, CVE-2022-21344, CVE-2022-21415)\n\n* mysql: Server: Error Handling unspecified vulnerability (CVE-2021-35596)\n\n* mysql: C API unspecified vulnerability (CVE-2021-35597)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2021-35602, CVE-2021-35630, CVE-2022-21515)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2021-35604, CVE-2022-21302, CVE-2022-21348, CVE-2022-21352, CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21517, CVE-2022-21537, CVE-2022-21539, CVE-2022-21423)\n\n* mysql: Server: Group Replication Plugin multiple unspecified vulnerabilities (CVE-2021-35608, CVE-2022-21256, CVE-2022-21379, CVE-2022-21454)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2021-35622, CVE-2022-21358, CVE-2022-21372, CVE-2022-21538)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2021-35624, CVE-2022-21245, CVE-2021-35625)\n\n* mysql: Server: GIS unspecified vulnerability (CVE-2021-35631)\n\n* mysql: Server: Data Dictionary unspecified vulnerability (CVE-2021-35632)\n\n* mysql: Server: PS unspecified vulnerability (CVE-2021-35637)\n\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CVE-2021-35639, CVE-2022-21303, CVE-2022-21522, CVE-2022-21534)\n\n* mysql: Server: FTS multiple unspecified vulnerabilities (CVE-2021-35648, CVE-2022-21427)\n\n* mysql: Server: Federated multiple unspecified vulnerabilities (CVE-2022-21270, CVE-2022-21547)\n\n* mysql: Server: Parser unspecified vulnerability (CVE-2022-21304)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2022-21362, CVE-2022-21374)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2022-21367)\n\n* mysql: Server: Components Services unspecified vulnerability (CVE-2022-21368)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2022-21425, CVE-2022-21444, CVE-2021-35640, CVE-2022-21249)\n\n* mysql: Server: PAM Auth Plugin multiple unspecified vulnerabilities (CVE-2022-21455, CVE-2022-21457)\n\n* mysql: Server: Logging multiple unspecified vulnerabilities (CVE-2022-21460, CVE-2021-35633)\n\n* mysql: Server: Security: Roles unspecified vulnerability (CVE-2021-35623)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-14T12:59:54", "type": "redhat", "title": "(RHSA-2022:6518) Moderate: rh-mysql80-mysql security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2478", "CVE-2021-2479", "CVE-2021-2481", "CVE-2021-35546", "CVE-2021-35575", "CVE-2021-35577", "CVE-2021-35591", "CVE-2021-35596", "CVE-2021-35597", "CVE-2021-35602", "CVE-2021-35604", "CVE-2021-35607", "CVE-2021-35608", "CVE-2021-35610", "CVE-2021-35612", "CVE-2021-35622", "CVE-2021-35623", "CVE-2021-35624", "CVE-2021-35625", "CVE-2021-35626", "CVE-2021-35627", "CVE-2021-35628", "CVE-2021-35630", "CVE-2021-35631", "CVE-2021-35632", "CVE-2021-35633", "CVE-2021-35634", "CVE-2021-35635", "CVE-2021-35636", "CVE-2021-35637", "CVE-2021-35638", "CVE-2021-35639", "CVE-2021-35640", "CVE-2021-35641", "CVE-2021-35642", "CVE-2021-35643", "CVE-2021-35644", "CVE-2021-35645", "CVE-2021-35646", "CVE-2021-35647", "CVE-2021-35648", "CVE-2022-21245", "CVE-2022-21249", "CVE-2022-21253", "CVE-2022-21254", "CVE-2022-21256", "CVE-2022-21264", "CVE-2022-21265", "CVE-2022-21270", "CVE-2022-21278", "CVE-2022-21297", "CVE-2022-21301", "CVE-2022-21302", "CVE-2022-21303", "CVE-2022-21304", "CVE-2022-21339", "CVE-2022-21342", "CVE-2022-21344", "CVE-2022-21348", "CVE-2022-21351", "CVE-2022-21352", "CVE-2022-21358", "CVE-2022-21362", "CVE-2022-21367", "CVE-2022-21368", "CVE-2022-21370", "CVE-2022-21372", "CVE-2022-21374", "CVE-2022-21378", "CVE-2022-21379", "CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21455", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21556", "CVE-2022-21569", "CVE-2022-21592", "CVE-2022-21595", "CVE-2022-21600", "CVE-2022-21605", "CVE-2022-21607", "CVE-2022-21635", "CVE-2022-21638", "CVE-2022-21641", "CVE-2023-21866", "CVE-2023-21872"], "modified": "2023-01-19T13:55:48", "id": "RHSA-2022:6518", "href": "https://access.redhat.com/errata/RHSA-2022:6518", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}, {"lastseen": "2023-07-14T14:45:44", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.30).\n\nSecurity Fix(es):\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378, CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21569, CVE-2022-21265)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2021-35546, CVE-2022-21344, CVE-2022-21415)\n\n* mysql: Server: Error Handling unspecified vulnerability (CVE-2021-35596)\n\n* mysql: C API unspecified vulnerability (CVE-2021-35597)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2021-35602, CVE-2021-35630, CVE-2022-21515)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2021-35604, CVE-2022-21302, CVE-2022-21348, CVE-2022-21352, CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21517, CVE-2022-21537, CVE-2022-21539, CVE-2022-21423)\n\n* mysql: Server: Group Replication Plugin multiple unspecified vulnerabilities (CVE-2021-35608, CVE-2022-21256, CVE-2022-21379, CVE-2022-21454)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2021-35622, CVE-2022-21358, CVE-2022-21372, CVE-2022-21538)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2021-35624, CVE-2022-21245, CVE-2021-35625)\n\n* mysql: Server: GIS unspecified vulnerability (CVE-2021-35631)\n\n* mysql: Server: Data Dictionary unspecified vulnerability (CVE-2021-35632)\n\n* mysql: Server: PS unspecified vulnerability (CVE-2021-35637)\n\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CVE-2021-35639, CVE-2022-21303, CVE-2022-21522, CVE-2022-21534)\n\n* mysql: Server: FTS multiple unspecified vulnerabilities (CVE-2021-35648, CVE-2022-21427)\n\n* mysql: Server: Federated multiple unspecified vulnerabilities (CVE-2022-21270, CVE-2022-21547)\n\n* mysql: Server: Parser unspecified vulnerability (CVE-2022-21304)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2022-21362, CVE-2022-21374)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2022-21367)\n\n* mysql: Server: Components Services unspecified vulnerability (CVE-2022-21368)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2022-21425, CVE-2022-21444, CVE-2021-35640, CVE-2022-21249)\n\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CVE-2022-21457)\n\n* mysql: Server: Logging multiple unspecified vulnerabilities (CVE-2022-21460, CVE-2021-35633)\n\n* mysql: Server: Security: Roles unspecified vulnerability (CVE-2021-35623)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Rebuild mecab due to change in the suffix (from .el8 to .el8.0.0) [rhel-8] (BZ#2110940)", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-25T07:30:28", "type": "redhat", "title": "(RHSA-2022:7119) Moderate: mysql:8.0 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2478", "CVE-2021-2479", "CVE-2021-2481", "CVE-2021-35546", "CVE-2021-35575", "CVE-2021-35577", "CVE-2021-35591", "CVE-2021-35596", "CVE-2021-35597", "CVE-2021-35602", "CVE-2021-35604", "CVE-2021-35607", "CVE-2021-35608", "CVE-2021-35610", "CVE-2021-35612", "CVE-2021-35622", "CVE-2021-35623", "CVE-2021-35624", "CVE-2021-35625", "CVE-2021-35626", "CVE-2021-35627", "CVE-2021-35628", "CVE-2021-35630", "CVE-2021-35631", "CVE-2021-35632", "CVE-2021-35633", "CVE-2021-35634", "CVE-2021-35635", "CVE-2021-35636", "CVE-2021-35637", "CVE-2021-35638", "CVE-2021-35639", "CVE-2021-35640", "CVE-2021-35641", "CVE-2021-35642", "CVE-2021-35643", "CVE-2021-35644", "CVE-2021-35645", "CVE-2021-35646", "CVE-2021-35647", "CVE-2021-35648", "CVE-2022-21245", "CVE-2022-21249", "CVE-2022-21253", "CVE-2022-21254", "CVE-2022-21256", "CVE-2022-21264", "CVE-2022-21265", "CVE-2022-21270", "CVE-2022-21278", "CVE-2022-21297", "CVE-2022-21301", "CVE-2022-21302", "CVE-2022-21303", "CVE-2022-21304", "CVE-2022-21339", "CVE-2022-21342", "CVE-2022-21344", "CVE-2022-21348", "CVE-2022-21351", "CVE-2022-21352", "CVE-2022-21358", "CVE-2022-21362", "CVE-2022-21367", "CVE-2022-21368", "CVE-2022-21370", "CVE-2022-21372", "CVE-2022-21374", "CVE-2022-21378", "CVE-2022-21379", "CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21455", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21556", "CVE-2022-21569", "CVE-2022-21592", "CVE-2022-21595", "CVE-2022-21600", "CVE-2022-21605", "CVE-2022-21607", "CVE-2022-21635", "CVE-2022-21638", "CVE-2022-21641", "CVE-2023-21866", "CVE-2023-21872"], "modified": "2023-01-19T13:51:50", "id": "RHSA-2022:7119", "href": "https://access.redhat.com/errata/RHSA-2022:7119", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "rocky": [{"lastseen": "2023-08-11T23:28:21", "description": "An update is available for Judy, mariadb, galera.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (10.5.13), galera (26.4.9). (BZ#2050546)\n\nSecurity Fix(es):\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n* mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n* mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n* mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n* mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n* mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n* mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command (BZ#1981332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* mariadb-10.5-module: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050515)\n\n* mariadb-server:10.5 in centos8 stream is not shipping wsrep_sst_rsync_tunnel (BZ#2050524)\n\n* Galera doesn't work without 'procps-ng' package MariaDB-10.5 (BZ#2050542)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-26T13:50:46", "type": "rocky", "title": "mariadb:10.5 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46662", "CVE-2021-46666", "CVE-2021-46667", "CVE-2022-21451", "CVE-2022-27385", "CVE-2022-31621", "CVE-2022-31624"], "modified": "2022-04-26T13:50:46", "id": "RLSA-2022:1557", "href": "https://errata.rockylinux.org/RLSA-2022:1557", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-08-11T23:28:21", "description": "An update is available for Judy, mariadb, galera.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. \n\nThe following packages have been upgraded to a later upstream version: mariadb (10.3.32), galera (25.3.34). (BZ#2050543)\n\nSecurity Fix(es):\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2154)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2021) (CVE-2021-2166)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2372)\n\n* mysql: InnoDB unspecified vulnerability (CPU Jul 2021) (CVE-2021-2389)\n\n* mysql: InnoDB unspecified vulnerability (CPU Oct 2021) (CVE-2021-35604)\n\n* mariadb: Integer overflow in sql_lex.cc integer leading to crash (CVE-2021-46667)\n\n* mariadb: Crash in get_sort_by_table() in subquery with ORDER BY having outer ref (CVE-2021-46657)\n\n* mariadb: save_window_function_values triggers an abort during IN subquery (CVE-2021-46658)\n\n* mariadb: Crash in set_var.cc via certain UPDATE queries with nested subqueries (CVE-2021-46662)\n\n* mariadb: Crash caused by mishandling of a pushdown from a HAVING clause to a WHERE clause (CVE-2021-46666)\n\n* mariadb: No password masking in audit log when using ALTER USER <user> IDENTIFIED BY <password> command (BZ#1981332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* mariadb:10.3/mariadb: /etc/security/user_map.conf getting overwritten with mariadb-server upgrade (BZ#2050514)\n\n* MariaDB logrotate leads to \"gzip: stdin: file size changed while zipping\" (BZ#2050532)\n\n* Crash: WSREP: invalid state ROLLED_BACK (FATAL) (BZ#2050533)\n\n* Galera doesn't work without 'procps-ng' package MariaDB-10.3 (BZ#2050550)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-26T13:50:43", "type": "rocky", "title": "mariadb:10.3 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2154", "CVE-2021-2166", "CVE-2021-2372", "CVE-2021-2389", "CVE-2021-35604", "CVE-2021-46657", "CVE-2021-46658", "CVE-2021-46662", "CVE-2021-46666", "CVE-2021-46667", "CVE-2022-21451", "CVE-2022-27385", "CVE-2022-31621", "CVE-2022-31624"], "modified": "2022-04-26T13:50:43", "id": "RLSA-2022:1556", "href": "https://errata.rockylinux.org/RLSA-2022:1556", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2023-07-24T11:28:20", "description": "An update is available for mysql.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nMySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.30). (BZ#2122589)\n\nSecurity Fix(es):\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479)\n\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2022) (CVE-2022-21413)\n\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2022) (CVE-2022-21415)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21423)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21425, CVE-2022-21444)\n\n* mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)\n\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21454)\n\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022) (CVE-2022-21455)\n\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21457)\n\n* mysql: Server: Logging unspecified vulnerability (CPU Apr 2022) (CVE-2022-21460)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21556, CVE-2022-21569)\n\n* mysql: Server: Options unspecified vulnerability (CPU Jul 2022) (CVE-2022-21515)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21517, CVE-2022-21537, CVE-2022-21539)\n\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21522, CVE-2022-21534)\n\n* mysql: Server: Federated unspecified vulnerability (CPU Jul 2022) (CVE-2022-21547)\n\n* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022) (CVE-2022-21538)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Default logrotate set to wrong log file (BZ#2122592)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-20T11:37:11", "type": "rocky", "title": "mysql security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21455", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21556", "CVE-2022-21569", "CVE-2022-21592", "CVE-2022-21605", "CVE-2022-21607", "CVE-2022-21635", "CVE-2022-21638", "CVE-2022-21641", "CVE-2023-21866", "CVE-2023-21872"], "modified": "2022-09-20T11:37:11", "id": "RLSA-2022:6590", "href": "https://errata.rockylinux.org/RLSA-2022:6590", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2023-07-24T11:28:02", "description": "An update is available for mecab-ipadic, mecab, mysql.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nMySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.30).\n\nSecurity Fix(es):\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413)\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378, CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21569, CVE-2022-21265)\n\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2021-35546, CVE-2022-21344, CVE-2022-21415)\n\n* mysql: Server: Error Handling unspecified vulnerability (CVE-2021-35596)\n\n* mysql: C API unspecified vulnerability (CVE-2021-35597)\n\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2021-35602, CVE-2021-35630, CVE-2022-21515)\n\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2021-35604, CVE-2022-21302, CVE-2022-21348, CVE-2022-21352, CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21517, CVE-2022-21537, CVE-2022-21539, CVE-2022-21423)\n\n* mysql: Server: Group Replication Plugin multiple unspecified vulnerabilities (CVE-2021-35608, CVE-2022-21256, CVE-2022-21379, CVE-2022-21454)\n\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2021-35622, CVE-2022-21358, CVE-2022-21372, CVE-2022-21538)\n\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2021-35624, CVE-2022-21245, CVE-2021-35625)\n\n* mysql: Server: GIS unspecified vulnerability (CVE-2021-35631)\n\n* mysql: Server: Data Dictionary unspecified vulnerability (CVE-2021-35632)\n\n* mysql: Server: PS unspecified vulnerability (CVE-2021-35637)\n\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CVE-2021-35639, CVE-2022-21303, CVE-2022-21522, CVE-2022-21534)\n\n* mysql: Server: FTS multiple unspecified vulnerabilities (CVE-2021-35648, CVE-2022-21427)\n\n* mysql: Server: Federated multiple unspecified vulnerabilities (CVE-2022-21270, CVE-2022-21547)\n\n* mysql: Server: Parser unspecified vulnerability (CVE-2022-21304)\n\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2022-21362, CVE-2022-21374)\n\n* mysql: Server: Compiling unspecified vulnerability (CVE-2022-21367)\n\n* mysql: Server: Components Services unspecified vulnerability (CVE-2022-21368)\n\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2022-21425, CVE-2022-21444, CVE-2021-35640, CVE-2022-21249)\n\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CVE-2022-21457)\n\n* mysql: Server: Logging multiple unspecified vulnerabilities (CVE-2022-21460, CVE-2021-35633)\n\n* mysql: Server: Security: Roles unspecified vulnerability (CVE-2021-35623)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Rebuild mecab due to change in the suffix (from .el8 to .el8.0.0) [Rocky Linux-8] (BZ#2110940)", "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 7.2, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-25T07:30:28", "type": "rocky", "title": "mysql:8.0 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2478", "CVE-2021-2479", "CVE-2021-2481", "CVE-2021-35546", "CVE-2021-35575", "CVE-2021-35577", "CVE-2021-35591", "CVE-2021-35596", "CVE-2021-35597", "CVE-2021-35602", "CVE-2021-35604", "CVE-2021-35607", "CVE-2021-35608", "CVE-2021-35610", "CVE-2021-35612", "CVE-2021-35622", "CVE-2021-35623", "CVE-2021-35624", "CVE-2021-35625", "CVE-2021-35626", "CVE-2021-35627", "CVE-2021-35628", "CVE-2021-35630", "CVE-2021-35631", "CVE-2021-35632", "CVE-2021-35633", "CVE-2021-35634", "CVE-2021-35635", "CVE-2021-35636", "CVE-2021-35637", "CVE-2021-35638", "CVE-2021-35639", "CVE-2021-35640", "CVE-2021-35641", "CVE-2021-35642", "CVE-2021-35643", "CVE-2021-35644", "CVE-2021-35645", "CVE-2021-35646", "CVE-2021-35647", "CVE-2021-35648", "CVE-2022-21245", "CVE-2022-21249", "CVE-2022-21253", "CVE-2022-21254", "CVE-2022-21256", "CVE-2022-21264", "CVE-2022-21265", "CVE-2022-21270", "CVE-2022-21278", "CVE-2022-21297", "CVE-2022-21301", "CVE-2022-21302", "CVE-2022-21303", "CVE-2022-21304", "CVE-2022-21339", "CVE-2022-21342", "CVE-2022-21344", "CVE-2022-21348", "CVE-2022-21351", "CVE-2022-21352", "CVE-2022-21358", "CVE-2022-21362", "CVE-2022-21367", "CVE-2022-21368", "CVE-2022-21370", "CVE-2022-21372", "CVE-2022-21374", "CVE-2022-21378", "CVE-2022-21379", "CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21455", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21556", "CVE-2022-21569", "CVE-2022-21592", "CVE-2022-21595", "CVE-2022-21600", "CVE-2022-21605", "CVE-2022-21607", "CVE-2022-21635", "CVE-2022-21638", "CVE-2022-21641", "CVE-2023-21866", "CVE-2023-21872"], "modified": "2022-10-25T07:30:28", "id": "RLSA-2022:7119", "href": "https://errata.rockylinux.org/RLSA-2022:7119", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "f5": [{"lastseen": "2023-02-08T16:08:41", "description": " * [CVE-2022-21451](<https://vulners.com/cve/CVE-2022-21451>)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * [CVE-2022-21452](<https://vulners.com/cve/CVE-2022-21452>)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * [CVE-2022-21454](<https://vulners.com/cve/CVE-2022-21454>)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).\n\n * [CVE-2022-21457](<https://vulners.com/cve/CVE-2022-21457>)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).\n\n * [CVE-2022-21459](<https://vulners.com/cve/CVE-2022-21459>)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n\n * [CVE-2022-21423](<https://vulners.com/cve/CVE-2022-21423>)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).\n\n * [CVE-2022-21425](<https://vulners.com/cve/CVE-2022-21425>)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).\n\n * [CVE-2022-21427](<https://vulners.com/cve/CVE-2022-21427>)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: FTS). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * [CVE-2022-21417](<https://vulners.com/cve/CVE-2022-21417>)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * [CVE-2022-21418](<https://vulners.com/cve/CVE-2022-21418>)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.0 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H).\n\n * [CVE-2022-21415](<https://vulners.com/cve/CVE-2022-21415>)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * [CVE-2022-21413](<https://vulners.com/cve/CVE-2022-21413>)\n\nVulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).\n\n * [CVE-2022-21483](<https://vulners.com/cve/CVE-2022-21483>)\n\nVulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).\n\n * [CVE-2022-21484](<https://vulners.com/cve/CVE-2022-21484>)\n\nVulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).\n\n * [CVE-2022-21485](<https://vulners.com/cve/CVE-2022-21485>)\n\nVulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).\n\n * [CVE-2022-21486](<https://vulners.com/cve/CVE-2022-21486>)\n\nVulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 2.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L).\n\n * [CVE-2022-21489](<https://vulners.com/cve/CVE-2022-21489>)\n\nVulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).\n\nImpact\n\nThere is no impact; F5 products are not affected by this vulnerability.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-11T20:27:00", "type": "f5", "title": "Multiple MySQL vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21413", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21483", "CVE-2022-21484", "CVE-2022-21485", "CVE-2022-21486", "CVE-2022-21489"], "modified": "2022-05-12T01:30:00", "id": "F5:K63314101", "href": "https://support.f5.com/csp/article/K63314101", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2023-06-14T15:05:33", "description": "## Severity\n\nMedium\n\n## Vendor\n\nCanonical Ubuntu\n\n## Versions Affected\n\n * Canonical Ubuntu 18.04\n\n## Description\n\nMultiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.29 in Ubuntu 20.04 LTS, Ubuntu 21.10, and Ubuntu 22.04 LTS. Ubuntu 18.04 LTS has been updated to MySQL 5.7.38. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-38.html https://dev.mysql.com/doc/relnotes/mysql/8.0/en/news-8-0-29.html https://www.oracle.com/security-alerts/cpuapr2022.html Update Instructions: Run `sudo ua fix USN-5400-1` to fix the vulnerability. The problem can be corrected by updating your system to the following package versions: mysql-client \u2013 5.7.38-0ubuntu0.18.04.1 mysql-source-5.7 \u2013 5.7.38-0ubuntu0.18.04.1 libmysqlclient-dev \u2013 5.7.38-0ubuntu0.18.04.1 mysql-client-core-5.7 \u2013 5.7.38-0ubuntu0.18.04.1 mysql-client-5.7 \u2013 5.7.38-0ubuntu0.18.04.1 libmysqlclient20 \u2013 5.7.38-0ubuntu0.18.04.1 mysql-server-5.7 \u2013 5.7.38-0ubuntu0.18.04.1 mysql-server \u2013 5.7.38-0ubuntu0.18.04.1 mysql-server-core-5.7 \u2013 5.7.38-0ubuntu0.18.04.1 mysql-testsuite \u2013 5.7.38-0ubuntu0.18.04.1 libmysqld-dev \u2013 5.7.38-0ubuntu0.18.04.1 mysql-testsuite-5.7 \u2013 5.7.38-0ubuntu0.18.04.1 No subscription required\n\nCVEs contained in this USN include: CVE-2022-21417, CVE-2022-21427, CVE-2022-21444, CVE-2022-21451, CVE-2022-21454, CVE-2022-21460, CVE-2022-21412, CVE-2022-21413, CVE-2022-21414, CVE-2022-21415, CVE-2022-21418, CVE-2022-21423, CVE-2022-21425, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21457, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478.\n\n## Affected Cloud Foundry Products and Versions\n\n_Severity is medium unless otherwise noted._\n\n * cflinuxfs3 \n * All versions prior to 0.8.0\n * CF Deployment \n * All versions prior to 1.9.0\n\n## Mitigation\n\nUsers of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:\n\n * cflinuxfs3 \n * Upgrade all versions to 0.8.0 or greater\n * CF Deployment \n * Upgrade all versions to 1.9.0 or greater\n\n## References\n\n * [USN Notice](<https://ubuntu.com/security/notices/USN-5400-1>)\n * [CVE-2022-21417](<https://ubuntu.com/security/CVE-2022-21417>)\n * [CVE-2022-21427](<https://ubuntu.com/security/CVE-2022-21427>)\n * [CVE-2022-21444](<https://ubuntu.com/security/CVE-2022-21444>)\n * [CVE-2022-21451](<https://ubuntu.com/security/CVE-2022-21451>)\n * [CVE-2022-21454](<https://ubuntu.com/security/CVE-2022-21454>)\n * [CVE-2022-21460](<https://ubuntu.com/security/CVE-2022-21460>)\n * [CVE-2022-21412](<https://ubuntu.com/security/CVE-2022-21412>)\n * [CVE-2022-21413](<https://ubuntu.com/security/CVE-2022-21413>)\n * [CVE-2022-21414](<https://ubuntu.com/security/CVE-2022-21414>)\n * [CVE-2022-21415](<https://ubuntu.com/security/CVE-2022-21415>)\n * [CVE-2022-21418](<https://ubuntu.com/security/CVE-2022-21418>)\n * [CVE-2022-21423](<https://ubuntu.com/security/CVE-2022-21423>)\n * [CVE-2022-21425](<https://ubuntu.com/security/CVE-2022-21425>)\n * [CVE-2022-21435](<https://ubuntu.com/security/CVE-2022-21435>)\n * [CVE-2022-21436](<https://ubuntu.com/security/CVE-2022-21436>)\n * [CVE-2022-21437](<https://ubuntu.com/security/CVE-2022-21437>)\n * [CVE-2022-21438](<https://ubuntu.com/security/CVE-2022-21438>)\n * [CVE-2022-21440](<https://ubuntu.com/security/CVE-2022-21440>)\n * [CVE-2022-21452](<https://ubuntu.com/security/CVE-2022-21452>)\n * [CVE-2022-21457](<https://ubuntu.com/security/CVE-2022-21457>)\n * [CVE-2022-21459](<https://ubuntu.com/security/CVE-2022-21459>)\n * [CVE-2022-21462](<https://ubuntu.com/security/CVE-2022-21462>)\n * [CVE-2022-21478](<https://ubuntu.com/security/CVE-2022-21478>)\n\n## History\n\n2022-05-26: Initial vulnerability report published.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-05-26T00:00:00", "type": "cloudfoundry", "title": "USN-5400-1: MySQL vulnerabilities | Cloud Foundry", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478"], "modified": "2022-05-26T00:00:00", "id": "CFOUNDRY:68E476AF9D5B8FC907942BBA54BB31EB", "href": "https://www.cloudfoundry.org/blog/usn-5400-1-mysql-vulnerabilities/", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "altlinux": [{"lastseen": "2022-07-06T03:04:11", "description": "8.0.29-alt1 built July 5, 2022 Nikolai Kostrigin in task [#302902](<https://git.altlinux.org/tasks/302902/>) \n--- \nJune 30, 2022 Nikolai Kostrigin \n \n \n - new version\n + (fixes: CVE-2021-22570, CVE-2022-0778, CVE-2022-21454, CVE-2022-21457)\n + (fixes: CVE-2022-21425, CVE-2022-21440, CVE-2022-21459, CVE-2022-21478)\n + (fixes: CVE-2022-21479, CVE-2022-21418, CVE-2022-21417, CVE-2022-21413)\n + (fixes: CVE-2022-21427, CVE-2022-21412, CVE-2022-21414, CVE-2022-21435)\n + (fixes: CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21452)\n + (fixes: CVE-2022-21462, CVE-2022-21415, CVE-2022-21451, CVE-2022-21444)\n + (fixes: CVE-2022-21460, CVE-2022-21423)\n - update mysql-shell 8.0.28 -> 8.0.29\n - update alt-disable-run-libmysql_api_test patch\n - update bundled boost headers 1.73.0 -> 1.77.0\n - spec: turn build of mysql-shell and mysql-router off\n - add boostfix_multiprecision_issue_419-ppc64le patch\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-07-05T00:00:00", "type": "altlinux", "title": "Security fix for the ALT Linux 10 package MySQL version 8.0.29-alt1", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22570", "CVE-2022-0778", "CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479"], "modified": "2022-07-05T00:00:00", "id": "462FD49112FE85163EF025EFB6E6CCFC", "href": "https://packages.altlinux.org/en/p10/srpms/MySQL/2820015927597320641", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "ibm": [{"lastseen": "2023-06-24T05:53:08", "description": "## Summary\n\nIBM Security Guardium has addressed the following vulnerabilities.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-31805](<https://vulners.com/cve/CVE-2021-31805>) \n** DESCRIPTION: **Apache Struts could allow a remote attacker to execute arbitrary code on the system, caused by a double evaluation of tag attributes. By forcing OGNL evaluation of specially-crafted data using the %{...} syntax, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 8.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223990](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223990>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-21413](<https://vulners.com/cve/CVE-2022-21413>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: DML component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224701](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224701>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21423](<https://vulners.com/cve/CVE-2022-21423>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 2.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224711](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224711>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21482](<https://vulners.com/cve/CVE-2022-21482>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an authenticated attacker to take control of the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224764](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224764>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-21490](<https://vulners.com/cve/CVE-2022-21490>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an authenticated attacker to take control of the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224772](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224772>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-21425](<https://vulners.com/cve/CVE-2022-21425>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: DDL component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224713](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224713>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H) \n \n** CVEID: **[CVE-2022-21460](<https://vulners.com/cve/CVE-2022-21460>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Logging component could allow an authenticated attacker to obtain sensitive information resulting in a high confidentiality impact using unknown attack vectors. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224742](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224742>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-21412](<https://vulners.com/cve/CVE-2022-21412>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224700](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224700>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21444](<https://vulners.com/cve/CVE-2022-21444>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: DDL component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224727](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224727>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21489](<https://vulners.com/cve/CVE-2022-21489>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an authenticated attacker to take control of the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224771](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224771>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-21484](<https://vulners.com/cve/CVE-2022-21484>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an authenticated attacker to cause low confidentiality impact, no integrity impact, and low availability impact. \nCVSS Base score: 2.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224766>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2022-21462](<https://vulners.com/cve/CVE-2022-21462>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224744>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21485](<https://vulners.com/cve/CVE-2022-21485>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an authenticated attacker to cause low confidentiality impact, no integrity impact, and low availability impact. \nCVSS Base score: 2.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224767](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224767>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2022-21427](<https://vulners.com/cve/CVE-2022-21427>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: FTS component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224715](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224715>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21478](<https://vulners.com/cve/CVE-2022-21478>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224760](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224760>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H) \n \n** CVEID: **[CVE-2022-21435](<https://vulners.com/cve/CVE-2022-21435>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224719](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224719>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21437](<https://vulners.com/cve/CVE-2022-21437>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224721](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224721>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21417](<https://vulners.com/cve/CVE-2022-21417>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224705](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224705>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21483](<https://vulners.com/cve/CVE-2022-21483>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an authenticated attacker to take control of the system. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224765](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224765>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-21414](<https://vulners.com/cve/CVE-2022-21414>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224702](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224702>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21454](<https://vulners.com/cve/CVE-2022-21454>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Group Replication Plugin component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224737](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224737>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21436](<https://vulners.com/cve/CVE-2022-21436>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224720](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224720>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21479](<https://vulners.com/cve/CVE-2022-21479>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause low confidentiality impact, no integrity impact, and high availability impact. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224761](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224761>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:H) \n \n** CVEID: **[CVE-2022-21415](<https://vulners.com/cve/CVE-2022-21415>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Replication component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224703](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224703>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21440](<https://vulners.com/cve/CVE-2022-21440>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224723](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224723>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H) \n \n** CVEID: **[CVE-2022-21418](<https://vulners.com/cve/CVE-2022-21418>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow an authenticated attacker to cause no confidentiality impact, low integrity impact, and high availability impact. \nCVSS Base score: 5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224706](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224706>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H) \n \n** CVEID: **[CVE-2022-21452](<https://vulners.com/cve/CVE-2022-21452>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the Server: Optimizer component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224735](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224735>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21451](<https://vulners.com/cve/CVE-2022-21451>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Server related to the InnoDB component could allow an authenticated attacker to cause a denial of service resulting in a high availability impact using unknown attack vectors. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224734](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224734>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-21486](<https://vulners.com/cve/CVE-2022-21486>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle MySQL Cluster related to the Cluster: General component could allow an authenticated attacker to cause low confidentiality impact, no integrity impact, and low availability impact. \nCVSS Base score: 2.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/224768](<https://exchange.xforce.ibmcloud.com/vulnerabilities/224768>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:L)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s)** \n---|--- \nIBM Security Guardium| 10.5 \nIBM Security Guardium| 10.6 \nIBM Security Guardium| 11.0 \nIBM Security Guardium| 11.1 \nIBM Security Guardium| 11.2 \nIBM Security Guardium| 11.3 \nIBM Security Guardium| 11.4 \n \n## Remediation/Fixes\n\nIBM encourages customers to update their systems promptly.\n\n** Product**| **Versions**| ** Fix** \n---|---|--- \nIBM Security Guardium| 10.5| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&amp;product=ibm/Information+Management/InfoSphere+Guardium&amp;release=10.0&amp;platform=Linux&amp;function=fixId&amp;fixids=SqlGuard_10.0p555_Bundle_Oct-07-2022&amp;includeSupersedes=0&amp;source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p555_Bundle_Oct-07-2022&includeSupersedes=0&source=fc>) \nIBM Security Guardium| 10.6| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&amp;product=ibm/Information+Management/InfoSphere+Guardium&amp;release=10.0&amp;platform=Linux&amp;function=fixId&amp;fixids=SqlGuard_10.0p694_Bundle_Aug-11-2022&amp;includeSupersedes=0&amp;source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=10.0&platform=Linux&function=fixId&fixids=SqlGuard_10.0p694_Bundle_Aug-11-2022&includeSupersedes=0&source=fc>) \nIBM Security Guardium| 11.0| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&amp;product=ibm/Information+Management/InfoSphere+Guardium&amp;release=11.0&amp;platform=Linux&amp;function=fixId&amp;fixids=SqlGuard_11.0p51_Bundle_Sep-27-2022&amp;includeSupersedes=0&amp;source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p51_Bundle_Sep-27-2022&includeSupersedes=0&source=fc>) \nIBM Security Guardium| 11.1| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&amp;product=ibm/Information+Management/InfoSphere+Guardium&amp;release=11.0&amp;platform=Linux&amp;function=fixId&amp;fixids=SqlGuard-11.0p165_Bundle_Sep_01_2022&amp;includeSupersedes=0&amp;source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard-11.0p165_Bundle_Sep_01_2022&includeSupersedes=0&source=fc>) \nIBM Security Guardium| 11.2| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&amp;product=ibm/Information+Management/InfoSphere+Guardium&amp;release=11.0&amp;platform=Linux&amp;function=fixId&amp;fixids=SqlGuard_11.0p277_Bundle_Oct-26-2022&amp;includeSupersedes=0&amp;source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p277_Bundle_Oct-26-2022&includeSupersedes=0&source=fc>) \nIBM Security Guardium| 11.3| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&amp;product=ibm/Information+Management/InfoSphere+Guardium&amp;release=11.0&amp;platform=Linux&amp;function=fixId&amp;fixids=SqlGuard_11.0p372_Bundle_Sep-19-2022&amp;includeSupersedes=0&amp;source=fc](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p372_Bundle_Sep-19-2022&includeSupersedes=0&source=fc>) \nIBM Security Guardium| 11.4| [http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&amp;product=ibm/Information+Management/InfoSphere+Guardium&amp;release=11.0&amp;platform=Linux&amp;function=fixId&amp;fixids=SqlGuard_11.0p440_Bundle_Jun-03-2022&amp;includeSupersedes=0&amp;source=fc ](<http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%20Security&product=ibm/Information+Management/InfoSphere+Guardium&release=11.0&platform=Linux&function=fixId&fixids=SqlGuard_11.0p440_Bundle_Jun-03-2022&includeSupersedes=0&source=fc>) \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T16:20:11", "type": "ibm", "title": "Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-31805", "CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21482", "CVE-2022-21483", "CVE-2022-21484", "CVE-2022-21485", "CVE-2022-21486", "CVE-2022-21489", "CVE-2022-21490"], "modified": "2022-11-08T16:20:11", "id": "064FD556C4762AE8E89F37889FD34F9616BE42AFD5AC481AFEE2D3E4FE61094B", "href": "https://www.ibm.com/support/pages/node/6598055", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2023-06-17T15:26:54", "description": "\n\nOracle reports:\n\nThe 2022 April Critical Patch Update contains 43 new security\n\t patches for Oracle MySQL. 11 of these vulnerabilities may be\n\t remotely exploitable without authentication, i.e., may be\n\t exploited over a network without requiring user credentials.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-04-16T00:00:00", "type": "freebsd", "title": "MySQL -- Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22570", "CVE-2022-0778", "CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21482", "CVE-2022-21483", "CVE-2022-21484", "CVE-2022-21485", "CVE-2022-21486", "CVE-2022-21489", "CVE-2022-21490"], "modified": "2022-05-23T00:00:00", "id": "ADD683BE-BD76-11EC-A06F-D4C9EF517024", "href": "https://vuxml.freebsd.org/freebsd/add683be-bd76-11ec-a06f-d4c9ef517024.html", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}], "almalinux": [{"lastseen": "2023-06-14T15:19:36", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.30). (BZ#2122589)\n\nSecurity Fix(es):\n\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479)\n* mysql: Server: DML unspecified vulnerability (CPU Apr 2022) (CVE-2022-21413)\n* mysql: Server: Replication unspecified vulnerability (CPU Apr 2022) (CVE-2022-21415)\n* mysql: InnoDB multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21423)\n* mysql: Server: DDL multiple unspecified vulnerabilities (CPU Apr 2022) (CVE-2022-21425, CVE-2022-21444)\n* mysql: Server: FTS unspecified vulnerability (CPU Apr 2022) (CVE-2022-21427)\n* mysql: Server: Group Replication Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21454)\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Jul 2022) (CVE-2022-21455)\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CPU Apr 2022) (CVE-2022-21457)\n* mysql: Server: Logging unspecified vulnerability (CPU Apr 2022) (CVE-2022-21460)\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21556, CVE-2022-21569)\n* mysql: Server: Options unspecified vulnerability (CPU Jul 2022) (CVE-2022-21515)\n* mysql: InnoDB multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21517, CVE-2022-21537, CVE-2022-21539)\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CPU Jul 2022) (CVE-2022-21522, CVE-2022-21534)\n* mysql: Server: Federated unspecified vulnerability (CPU Jul 2022) (CVE-2022-21547)\n* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022) (CVE-2022-21538)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Default logrotate set to wrong log file (BZ#2122592)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-20T00:00:00", "type": "almalinux", "title": "Moderate: mysql security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21455", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21556", "CVE-2022-21569"], "modified": "2022-10-19T07:05:51", "id": "ALSA-2022:6590", "href": "https://errata.almalinux.org/9/ALSA-2022-6590.html", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2023-09-18T14:51:40", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThe following packages have been upgraded to a later upstream version: mysql (8.0.30).\n\nSecurity Fix(es):\n\n* mysql: Server: DML multiple unspecified vulnerabilities (CVE-2021-2478, CVE-2021-2479, CVE-2021-35591, CVE-2021-35607, CVE-2022-21301, CVE-2022-21413)\n* mysql: Server: Optimizer multiple unspecified vulnerabilities (CVE-2021-2481, CVE-2021-35575, CVE-2021-35577, CVE-2021-35610, CVE-2021-35612, CVE-2021-35626, CVE-2021-35627, CVE-2021-35628, CVE-2021-35634, CVE-2021-35635, CVE-2021-35636, CVE-2021-35638, CVE-2021-35641, CVE-2021-35642, CVE-2021-35643, CVE-2021-35644, CVE-2021-35645, CVE-2021-35646, CVE-2021-35647, CVE-2022-21253, CVE-2022-21254, CVE-2022-21264, CVE-2022-21278, CVE-2022-21297, CVE-2022-21339, CVE-2022-21342, CVE-2022-21351, CVE-2022-21370, CVE-2022-21378, CVE-2022-21412, CVE-2022-21414, CVE-2022-21435, CVE-2022-21436, CVE-2022-21437, CVE-2022-21438, CVE-2022-21440, CVE-2022-21452, CVE-2022-21459, CVE-2022-21462, CVE-2022-21478, CVE-2022-21479, CVE-2022-21509, CVE-2022-21525, CVE-2022-21526, CVE-2022-21527, CVE-2022-21528, CVE-2022-21529, CVE-2022-21530, CVE-2022-21531, CVE-2022-21553, CVE-2022-21569, CVE-2022-21265)\n* mysql: Server: Replication multiple unspecified vulnerabilities (CVE-2021-35546, CVE-2022-21344, CVE-2022-21415)\n* mysql: Server: Error Handling unspecified vulnerability (CVE-2021-35596)\n* mysql: C API unspecified vulnerability (CVE-2021-35597)\n* mysql: Server: Options multiple unspecified vulnerabilities (CVE-2021-35602, CVE-2021-35630, CVE-2022-21515)\n* mysql: InnoDB multiple unspecified vulnerabilities (CVE-2021-35604, CVE-2022-21302, CVE-2022-21348, CVE-2022-21352, CVE-2022-21417, CVE-2022-21418, CVE-2022-21451, CVE-2022-21517, CVE-2022-21537, CVE-2022-21539, CVE-2022-21423)\n* mysql: Server: Group Replication Plugin multiple unspecified vulnerabilities (CVE-2021-35608, CVE-2022-21256, CVE-2022-21379, CVE-2022-21454)\n* mysql: Server: Security: Encryption multiple unspecified vulnerabilities (CVE-2021-35622, CVE-2022-21358, CVE-2022-21372, CVE-2022-21538)\n* mysql: Server: Security: Privileges multiple unspecified vulnerabilities (CVE-2021-35624, CVE-2022-21245, CVE-2021-35625)\n* mysql: Server: GIS unspecified vulnerability (CVE-2021-35631)\n* mysql: Server: Data Dictionary unspecified vulnerability (CVE-2021-35632)\n* mysql: Server: PS unspecified vulnerability (CVE-2021-35637)\n* mysql: Server: Stored Procedure multiple unspecified vulnerabilities (CVE-2021-35639, CVE-2022-21303, CVE-2022-21522, CVE-2022-21534)\n* mysql: Server: FTS multiple unspecified vulnerabilities (CVE-2021-35648, CVE-2022-21427)\n* mysql: Server: Federated multiple unspecified vulnerabilities (CVE-2022-21270, CVE-2022-21547)\n* mysql: Server: Parser unspecified vulnerability (CVE-2022-21304)\n* mysql: Server: Information Schema multiple unspecified vulnerabilities (CVE-2022-21362, CVE-2022-21374)\n* mysql: Server: Compiling unspecified vulnerability (CVE-2022-21367)\n* mysql: Server: Components Services unspecified vulnerability (CVE-2022-21368)\n* mysql: Server: DDL multiple unspecified vulnerabilities (CVE-2022-21425, CVE-2022-21444, CVE-2021-35640, CVE-2022-21249)\n* mysql: Server: PAM Auth Plugin unspecified vulnerability (CVE-2022-21457)\n* mysql: Server: Logging multiple unspecified vulnerabilities (CVE-2022-21460, CVE-2021-35633)\n* mysql: Server: Security: Roles unspecified vulnerability (CVE-2021-35623)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Rebuild mecab due to change in the suffix (from .el8 to .el8.0.0) [almalinux-8] (BZ#2110940)", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-10-25T00:00:00", "type": "almalinux", "title": "Moderate: mysql:8.0 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2478", "CVE-2021-2479", "CVE-2021-2481", "CVE-2021-35546", "CVE-2021-35575", "CVE-2021-35577", "CVE-2021-35591", "CVE-2021-35596", "CVE-2021-35597", "CVE-2021-35602", "CVE-2021-35604", "CVE-2021-35607", "CVE-2021-35608", "CVE-2021-35610", "CVE-2021-35612", "CVE-2021-35622", "CVE-2021-35623", "CVE-2021-35624", "CVE-2021-35625", "CVE-2021-35626", "CVE-2021-35627", "CVE-2021-35628", "CVE-2021-35630", "CVE-2021-35631", "CVE-2021-35632", "CVE-2021-35633", "CVE-2021-35634", "CVE-2021-35635", "CVE-2021-35636", "CVE-2021-35637", "CVE-2021-35638", "CVE-2021-35639", "CVE-2021-35640", "CVE-2021-35641", "CVE-2021-35642", "CVE-2021-35643", "CVE-2021-35644", "CVE-2021-35645", "CVE-2021-35646", "CVE-2021-35647", "CVE-2021-35648", "CVE-2022-21245", "CVE-2022-21249", "CVE-2022-21253", "CVE-2022-21254", "CVE-2022-21256", "CVE-2022-21264", "CVE-2022-21265", "CVE-2022-21270", "CVE-2022-21278", "CVE-2022-21297", "CVE-2022-21301", "CVE-2022-21302", "CVE-2022-21303", "CVE-2022-21304", "CVE-2022-21339", "CVE-2022-21342", "CVE-2022-21344", "CVE-2022-21348", "CVE-2022-21351", "CVE-2022-21352", "CVE-2022-21358", "CVE-2022-21362", "CVE-2022-21367", "CVE-2022-21368", "CVE-2022-21370", "CVE-2022-21372", "CVE-2022-21374", "CVE-2022-21378", "CVE-2022-21379", "CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21569"], "modified": "2023-09-15T13:41:48", "id": "ALSA-2022:7119", "href": "https://errata.almalinux.org/8/ALSA-2022-7119.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "oraclelinux": [{"lastseen": "2022-09-22T03:00:49", "description": "[8.0.30-3]\n- Release bump for rebuild\n[8.0.30-1]\n- Update to MySQL 8.0.30\n- Remove patches now upstream:\n chain certs, OpenSSL 3, s390 and robin hood\n- Add a new plugin\n[8.0.29-1]\n- Update to MySQL 8.0.29", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-22T00:00:00", "type": "oraclelinux", "title": "mysql security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21455", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21556", "CVE-2022-21569"], "modified": "2022-09-22T00:00:00", "id": "ELSA-2022-6590", "href": "http://linux.oracle.com/errata/ELSA-2022-6590.html", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:P"}}, {"lastseen": "2022-10-27T02:57:46", "description": "mecab\n[0.996-2]\n- Rebuild to fix the issue described in #2000986\n- Resolves: #2000986\nmysql\n[8.0.30-1]\n- Update to MySQL 8.0.30\n- Remove patches now upstream:\n chain certs, s390 and robin hood\n- Add a new plugin 'conflicting_variables.so'\n[8.0.29-1]\n- Update to MySQL 8.0.29\n[8.0.28-1]\n- Update to MySQL 8.0.28\n[8.0.27-1]\n- Update to MySQL 8.0.27", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.2}, "published": "2022-10-27T00:00:00", "type": "oraclelinux", "title": "mysql:8.0 security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 6.8, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-2478", "CVE-2021-2479", "CVE-2021-2481", "CVE-2021-35546", "CVE-2021-35575", "CVE-2021-35577", "CVE-2021-35591", "CVE-2021-35596", "CVE-2021-35597", "CVE-2021-35602", "CVE-2021-35604", "CVE-2021-35607", "CVE-2021-35608", "CVE-2021-35610", "CVE-2021-35612", "CVE-2021-35622", "CVE-2021-35623", "CVE-2021-35624", "CVE-2021-35625", "CVE-2021-35626", "CVE-2021-35627", "CVE-2021-35628", "CVE-2021-35630", "CVE-2021-35631", "CVE-2021-35632", "CVE-2021-35633", "CVE-2021-35634", "CVE-2021-35635", "CVE-2021-35636", "CVE-2021-35637", "CVE-2021-35638", "CVE-2021-35639", "CVE-2021-35640", "CVE-2021-35641", "CVE-2021-35642", "CVE-2021-35643", "CVE-2021-35644", "CVE-2021-35645", "CVE-2021-35646", "CVE-2021-35647", "CVE-2021-35648", "CVE-2022-21245", "CVE-2022-21249", "CVE-2022-21253", "CVE-2022-21254", "CVE-2022-21256", "CVE-2022-21264", "CVE-2022-21265", "CVE-2022-21270", "CVE-2022-21278", "CVE-2022-21297", "CVE-2022-21301", "CVE-2022-21302", "CVE-2022-21303", "CVE-2022-21304", "CVE-2022-21339", "CVE-2022-21342", "CVE-2022-21344", "CVE-2022-21348", "CVE-2022-21351", "CVE-2022-21352", "CVE-2022-21358", "CVE-2022-21362", "CVE-2022-21367", "CVE-2022-21368", "CVE-2022-21370", "CVE-2022-21372", "CVE-2022-21374", "CVE-2022-21378", "CVE-2022-21379", "CVE-2022-21412", "CVE-2022-21413", "CVE-2022-21414", "CVE-2022-21415", "CVE-2022-21417", "CVE-2022-21418", "CVE-2022-21423", "CVE-2022-21425", "CVE-2022-21427", "CVE-2022-21435", "CVE-2022-21436", "CVE-2022-21437", "CVE-2022-21438", "CVE-2022-21440", "CVE-2022-21444", "CVE-2022-21451", "CVE-2022-21452", "CVE-2022-21454", "CVE-2022-21457", "CVE-2022-21459", "CVE-2022-21460", "CVE-2022-21462", "CVE-2022-21478", "CVE-2022-21479", "CVE-2022-21509", "CVE-2022-21515", "CVE-2022-21517", "CVE-2022-21522", "CVE-2022-21525", "CVE-2022-21526", "CVE-2022-21527", "CVE-2022-21528", "CVE-2022-21529", "CVE-2022-21530", "CVE-2022-21531", "CVE-2022-21534", "CVE-2022-21537", "CVE-2022-21538", "CVE-2022-21539", "CVE-2022-21547", "CVE-2022-21553", "CVE-2022-21569"], "modified": "2022-10-27T00:00:00", "id": "ELSA-2022-7119", "href": "http://linux.oracle.com/errata/ELSA-2022-7119.html", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:C"}}], "oracle": [{"lastseen": "2023-09-25T15:14:02", "description": "A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third-party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches added since the previous Critical Patch Update Advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security patches. Refer to [\u201cCritical Patch Updates, Security Alerts and Bulletins\u201d](<https://www.oracle.com/security-alerts/>) for information about Oracle Security advisories. \n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore strongly recommends that customers remain on actively-supported versions and apply Critical Patch Update security patches without delay.**\n\nThis Critical Patch Update contains 520 new security patches across the product families listed below. Please note that an MOS note summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ April 2022 Critical Patch Update: Executive Summary and Analysis](<https://support.oracle.com/rs?type=doc&id=2857016.1>).\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-04-19T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - April 2022", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000353", "CVE-2017-14159", "CVE-2017-17740", "CVE-2017-9287", "CVE-2018-1000067", "CVE-2018-1000068", "CVE-2018-1000192", "CVE-2018-1000193", "CVE-2018-1000194", "CVE-2018-1000195", "CVE-2018-11212", "CVE-2018-1285", "CVE-2018-1999001", "CVE-2018-1999002", "CVE-2018-1999003", "CVE-2018-1999004", "CVE-2018-1999005", "CVE-2018-1999007", "CVE-2018-2601", "CVE-2018-6356", "CVE-2018-8032", "CVE-2019-0227", "CVE-2019-1003049", "CVE-2019-1003050", "CVE-2019-10086", "CVE-2019-10247", "CVE-2019-10383", "CVE-2019-10384", "CVE-2019-12086", "CVE-2019-12399", "CVE-2019-12402", "CVE-2019-13038", "CVE-2019-13057", "CVE-2019-13565", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-14822", "CVE-2019-14862", "CVE-2019-16785", "CVE-2019-16786", "CVE-2019-16789", "CVE-2019-16792", "CVE-2019-17195", "CVE-2019-17571", "CVE-2019-18218", "CVE-2019-18276", "CVE-2019-19603", "CVE-2019-20388", "CVE-2019-20838", "CVE-2019-20916", "CVE-2019-3738", "CVE-2019-3739", "CVE-2019-3740", "CVE-2019-3799", "CVE-2019-5827", "CVE-2020-10531", "CVE-2020-10543", "CVE-2020-10693", "CVE-2020-10878", "CVE-2020-11022", "CVE-2020-11023", "CVE-2020-11080", "CVE-2020-11612", "CVE-2020-11971", "CVE-2020-11979", "CVE-2020-12243", "CVE-2020-12723", "CVE-2020-13434", "CVE-2020-13435", "CVE-2020-13935", "CVE-2020-13936", "CVE-2020-13956", "CVE-2020-14155", "CVE-2020-14340", "CVE-2020-14343", "CVE-2020-15250", "CVE-2020-15358", "CVE-2020-15719", "CVE-2020-16135", "CVE-2020-17521", "CVE-2020-17527", "CVE-2020-17530", "CVE-2020-1968", "CVE-2020-1971", "CVE-2020-24616", "CVE-2020-24750", "CVE-2020-24977", "CVE-2020-25638", "CVE-2020-25649", "CVE-2020-25659", "CVE-2020-27218", "CVE-2020-28052", "CVE-2020-28196", "CVE-2020-28895", "CVE-2020-29363", "CVE-2020-29582", "CVE-2020-35198", "CVE-2020-35490", "CVE-2020-35491", "CVE-2020-35728", "CVE-2020-36179", "CVE-2020-36180", "CVE-2020-36181", "CVE-2020-36182", "CVE-2020-36183", "CVE-2020-36184", "CVE-2020-36185", "CVE-2020-36186", "CVE-2020-36187", "CVE-2020-36188", "CVE-2020-36189", "CVE-2020-36242", "CVE-2020-36518", "CVE-2020-5245", "CVE-2020-5413", "CVE-2020-5421", "CVE-2020-6950", "CVE-2020-7226", "CVE-2020-7595", "CVE-2020-7760", "CVE-2020-8172", "CVE-2020-8174", "CVE-2020-8203", "CVE-2020-8231", "CVE-2020-8277", "CVE-2020-8284", "CVE-2020-8285", "CVE-2020-8286", "CVE-2020-8554", "CVE-2020-8908", "CVE-2020-9488", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20289", "CVE-2021-21275", "CVE-2021-21290", "CVE-2021-21295", "CVE-2021-21409", "CVE-2021-21703", "CVE-2021-22096", "CVE-2021-22118", "CVE-2021-22132", "CVE-2021-22134", "CVE-2021-22144", "CVE-2021-22145", "CVE-2021-22569", "CVE-2021-22570", "CVE-2021-22696", "CVE-2021-22897", "CVE-2021-22898", "CVE-2021-22901", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-23017", "CVE-2021-23450", "CVE-2021-2351", "CVE-2021-23839", "CVE-2021-23840", "CVE-2021-23841", "CVE-2021-2427", "CVE-2021-2464", "CVE-2021-2471", "CVE-2021-25219", "CVE-2021-26291", "CVE-2021-27568", "CVE-2021-27645", "CVE-2021-27807", "CVE-2021-27906", "CVE-2021-28168", "CVE-2021-28169", "CVE-2021-28170", "CVE-2021-28657", "CVE-2021-29425", "CVE-2021-29505", "CVE-2021-29921", "CVE-2021-30129", "CVE-2021-30468", "CVE-2021-3156", "CVE-2021-31799", "CVE-2021-31810", "CVE-2021-31811", "CVE-2021-31812", "CVE-2021-3200", "CVE-2021-32066", "CVE-2021-32626", "CVE-2021-32627", "CVE-2021-32628", "CVE-2021-32672", "CVE-2021-32675", "CVE-2021-32687", "CVE-2021-32762", "CVE-2021-32785", "CVE-2021-32786", "CVE-2021-32791", "CVE-2021-32792", "CVE-2021-33037", "CVE-2021-33193", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-33813", "CVE-2021-33880", "CVE-2021-34429", "CVE-2021-3445", "CVE-2021-3449", "CVE-2021-3450", "CVE-2021-34798", "CVE-2021-35043", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3520", "CVE-2021-3521", "CVE-2021-3537", "CVE-2021-35515", "CVE-2021-35516", "CVE-2021-35517", "CVE-2021-35574", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-36090", "CVE-2021-36160", "CVE-2021-36373", "CVE-2021-36374", "CVE-2021-3690", "CVE-2021-3711", "CVE-2021-3712", "CVE-2021-37136", "CVE-2021-37137", "CVE-2021-37714", "CVE-2021-3807", "CVE-2021-38153", "CVE-2021-39139", "CVE-2021-39140", "CVE-2021-39141", "CVE-2021-39144", "CVE-2021-39145", "CVE-2021-39146", "CVE-2021-39147", "CVE-2021-39148", "CVE-2021-39149", "CVE-2021-39150", "CVE-2021-39151", "CVE-2021-39152", "CVE-2021-39153", "CVE-2021-39154", "CVE-2021-39275", "CVE-2021-4034", "CVE-2021-40438", "CVE-2021-40690", "CVE-2021-4104", "CVE-2021-41099", "CVE-2021-41164", "CVE-2021-41165", "CVE-2021-41182", "CVE-2021-41183", "CVE-2021-41184", "CVE-2021-4160", "CVE-2021-41617", "CVE-2021-4181", "CVE-2021-4182", "CVE-2021-4183", "CVE-2021-4184", "CVE-2021-4185", "CVE-2021-41973", "CVE-2021-42013", "CVE-2021-42340", "CVE-2021-42392", "CVE-2021-42717", "CVE-2021-43395", "CVE-2021-43527", "CVE-2021-43797", "CVE-2021-43818", "CVE-2021-43859", "CVE-2021-44224", "CVE-2021-44531", "CVE-2021-44532", "CVE-2021-44533", "CVE-2021-44790", "CVE-2021-44832", "CVE-2021-45105", "CVE-2022-0391", "CVE-2022-0778", "CVE-2022-20612", "CVE-2022-20613", "CVE-2022-20614", "CVE-2022-20615", "CVE-2022-21271", "CVE-2022-21375", "CVE-2022-2